Windows Analysis Report
tKr6T60C1r.exe

Overview

General Information

Sample name: tKr6T60C1r.exe
renamed because original name is a hash value
Original sample name: 7183_36267834_f649b1aeeffa6f99f42435e1ad28d7bf7687c545d4c0e2add1b6ac8c871d7133_setup (1).exe
Analysis ID: 1498107
MD5: 7a76afaca4af78f671cc47cb7993eecf
SHA1: e3db2469e3dfe8d8367b40acd599d0ea9a6ffd20
SHA256: f649b1aeeffa6f99f42435e1ad28d7bf7687c545d4c0e2add1b6ac8c871d7133

Detection

Score: 45
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 35
Range: 0 - 100

Signatures

Multi AV Scanner detection for dropped file
Contains functionality to register a low level keyboard hook
Creates multiple autostart registry keys
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
EXE planting / hijacking vulnerabilities found
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Use Short Name Path in Command Line
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • tKr6T60C1r.exe (PID: 7700 cmdline: "C:\Users\user\Desktop\tKr6T60C1r.exe" MD5: 7A76AFACA4AF78F671CC47CB7993EECF)
    • chrome.exe (PID: 7932 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&winver=19045&version=fa.1091q&nocache=20240823105604.466&_fcid=1719416423291719 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 8144 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1996,i,5813096633324106797,11268818542234249706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 2168 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5400 --field-trial-handle=1996,i,5813096633324106797,11268818542234249706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 4268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1996,i,5813096633324106797,11268818542234249706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • nsrC311.tmp (PID: 8948 cmdline: "C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp" /internal 1719416423291719 /force MD5: 3091083F66939A0DF8DBA2D77E65FC51)
      • PcAppStore.exe (PID: 8268 cmdline: "C:\Users\user\PCAppStore\PcAppStore.exe" /init default MD5: 92CC70D7D67DB4A1DFC22857920C9364)
        • explorer.exe (PID: 4056 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
      • Watchdog.exe (PID: 4104 cmdline: "C:\Users\user\PCAppStore\Watchdog.exe" /guid=19882742-CC56-1A59-9779-FB8CBFA1E29D /rid=20240823105755.8197303796 /ver=fa.1091q MD5: 7B432B3DA82D7E40916D1D2EB6F9F48D)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\PCAppStore\PCAppStore.exe" /init default, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, ProcessId: 8948, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCAppStore
Source: Process started, Author: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp" /internal 1719416423291719 /force, CommandLine: "C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp" /internal 1719416423291719 /force, CommandLine|base64offset|contains: )z, Image: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, NewProcessName: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, OriginalFileName: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, ParentCommandLine: "C:\Users\user\Desktop\tKr6T60C1r.exe", ParentImage: C:\Users\user\Desktop\tKr6T60C1r.exe, ParentProcessId: 7700, ParentProcessName: tKr6T60C1r.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp" /internal 1719416423291719 /force, ProcessId: 8948, ProcessName: nsrC311.tmp
No Suricata rule has matched

AV Detection

Source: C:\Users\user\PCAppStore\AutoUpdater.exe, ReversingLabs: Detection: 25%
Source: C:\Users\user\PCAppStore\PcAppStore.exe, ReversingLabs: Detection: 45%
Source: C:\Users\user\PCAppStore\Watchdog.exe, ReversingLabs: Detection: 37%
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, EXE: C:\Users\user\PCAppStore\Uninstaller.exe
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, EXE: C:\Users\user\PCAppStore\AutoUpdater.exe
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, EXE: C:\Users\user\PCAppStore\PcAppStore.exe
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, EXE: C:\Users\user\PCAppStore\Watchdog.exe
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, EXE: C:\Users\user\PCAppStore\nwjs\notification_helper.exe
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, EXE: C:\Users\user\PCAppStore\nwjs\NW_store.exe
Source: https://td.doubleclick.net/td/rul/858128210?random=1724424969591&cv=11&fst=1724424969591&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_viewHTTP Parser: No favicon
Source: https://td.doubleclick.net/td/rul/858128210?random=1724424969537&cv=11&fst=1724424969537&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.configHTTP Parser: No favicon
Source: https://td.doubleclick.net/td/rul/858128210?random=1724424970523&cv=11&fst=1724424970523&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3DconversionHTTP Parser: No favicon

Compliance

Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, EXE: C:\Users\user\PCAppStore\Uninstaller.exe
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, EXE: C:\Users\user\PCAppStore\AutoUpdater.exe
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, EXE: C:\Users\user\PCAppStore\PcAppStore.exe
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, EXE: C:\Users\user\PCAppStore\Watchdog.exe
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, EXE: C:\Users\user\PCAppStore\nwjs\notification_helper.exe
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, EXE: C:\Users\user\PCAppStore\nwjs\NW_store.exe
Source: tKr6T60C1r.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCAppStore
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, File created: C:\Users\user\PCAppStore\ui\static\js\2.0e8f1429.chunk.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp, File created: C:\Users\user\PCAppStore\ReadMe.txt
Source: tKr6T60C1r.exeStatic PE information: certificate valid
Source: unknownHTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.7:49702 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.190.159.68:443 -> 192.168.2.7:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 45.32.1.23:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.7:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 212.102.56.179:443 -> 192.168.2.7:49724 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.7:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.7:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.7:49752 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49766 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49785 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.7:49788 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.7:49807 version: TLS 1.2
Source: unknownHTTPS traffic detected: 45.32.1.23:443 -> 192.168.2.7:49825 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.173.205.111:443 -> 192.168.2.7:49846 version: TLS 1.2
Source: unknownHTTPS traffic detected: 45.32.1.23:443 -> 192.168.2.7:49848 version: TLS 1.2
Source: unknownHTTPS traffic detected: 45.32.1.23:443 -> 192.168.2.7:49859 version: TLS 1.2
Source: tKr6T60C1r.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Build\Build_1091q_D20240621T152345\fa_rss\AppStoreUpdater\Release\auto_updater.pdb source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Build\Build_1091q_D20240621T152345\fa_rss\Watchdog\x64\Release\Watchdog.pdb source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000011.00000002.2591297476.00007FF6161C9000.00000002.00000001.01000000.00000016.sdmp, Watchdog.exe, 00000011.00000000.2495694821.00007FF6161C9000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: C:\Build\Build_1091q_D20240621T152345\fa_rss\AppStoreUpdater\Release\auto_updater.pdb5 source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\zak\Downloads\Inetc\Unicode\Plugins\inetc.pdb source: tKr6T60C1r.exe, 00000000.00000002.2150075402.000000000040A000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Build\Build_1091q_D20240621T152345\fa_rss\engine\Release\PCAppStore.pdb source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
Source: C:\Users\user\Desktop\tKr6T60C1r.exeCode function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
Source: C:\Users\user\Desktop\tKr6T60C1r.exeCode function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
Source: C:\Users\user\Desktop\tKr6T60C1r.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpCode function: 14_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,14_2_00405D74
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpCode function: 14_2_0040699E FindFirstFileW,FindClose,14_2_0040699E
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpCode function: 14_2_0040290B FindFirstFileW,14_2_0040290B
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 16_2_00F0DC60 FindFirstFileExW,GetLastError,_DebugHeapAllocator,DeleteFileW,FindNextFileW,GetLastError,RemoveDirectoryW,16_2_00F0DC60
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 16_2_00FF51F2 FindFirstFileExW,16_2_00FF51F2
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 16_2_00FF51D2 FindClose,FindFirstFileExW,GetLastError,16_2_00FF51D2
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 16_2_0101D052 FindFirstFileExW,GetLastError,16_2_0101D052
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 16_2_00FF5229 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,16_2_00FF5229
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 16_2_00F27B40 FindFirstFileW,FindClose,16_2_00F27B40
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 17_2_00007FF6161B15F0 FindClose,FindFirstFileExW,GetLastError,17_2_00007FF6161B15F0
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 17_2_00007FF6161B1664 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,17_2_00007FF6161B1664
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 17_2_00007FF6161C0A18 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,17_2_00007FF6161C0A18
Source: Joe Sandbox ViewIP Address: 212.102.56.179 212.102.56.179
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewIP Address: 45.32.1.23 45.32.1.23
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknownTCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.68
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpCode function: 14_2_7040332C lstrcmpiW,lstrcmpiW,InternetOpenW,GlobalAlloc,lstrcmpiW,GetLastError,lstrlenW,lstrlenW,GlobalAlloc,GlobalAlloc,InternetCrackUrlW,InternetConnectW,lstrcpyW,lstrcpyW,InternetSetOptionW,lstrlenW,InternetSetOptionW,lstrlenW,InternetSetOptionW,InternetSetOptionW,lstrlenW,InternetSetOptionW,lstrlenW,InternetSetOptionW,InternetSetOptionW,InternetSetOptionW,InternetSetOptionW,HttpOpenRequestW,HttpAddRequestHeadersW,HttpAddRequestHeadersW,lstrcmpiW,HttpAddRequestHeadersW,lstrlenW,lstrlenW,GlobalAlloc,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,HttpAddRequestHeadersW,GlobalFree,GetLastError,lstrcmpiW,lstrlenW,HttpSendRequestW,GetLastError,lstrlenW,HttpSendRequestW,GetLastError,GlobalFree,GlobalFree,HttpSendRequestW,GetLastError,InternetQueryDataAvailable,GlobalAlloc,InternetReadFile,GetLastError,GlobalFree,GetLastError,HttpQueryInfoW,GetLastError,GlobalAlloc,HttpQueryInfoW,GlobalFree,InternetCloseHandle,GetLastError,InternetCloseHandle,GetLastError,GetLastError,GlobalFree,GlobalFree,GlobalFree,GlobalFree,InternetCloseHandle,GetLastError,14_2_7040332C
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_mini_installer&evt_action=show_page&p=wel&_fcid=1719416423291719 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_mini_installer&evt_action=show_page&p=installing&_fcid=1719416423291719 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_mini_installer&evt_action=start&permision=&_fcid=1719416423291719 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_mini_installer&evt_action=download_start&_fcid=1719416423291719 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /installing.php?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&winver=19045&version=fa.1091q&nocache=20240823105604.466&_fcid=1719416423291719 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /download.php?&src=mini_installer&file=1&mini_ver=fa.1091q HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: delivery.pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q HTTP/1.1Host: pcapp.storeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.css?nocache=1709636059406 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091qAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091qAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /src/main_code.js HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091qAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg HTTP/1.1Host: repository.pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.js?nocache=1709636059406 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091qAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/lp/lpd_installing_r2/src/lpd_installing_r2.min.css?nocache=1709636059406Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719
Source: global trafficHTTP traffic detected: GET /src/main_code.js HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970
Source: global trafficHTTP traffic detected: GET /td/rul/858128210?random=1724424969537&cv=11&fst=1724424969537&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /td/rul/858128210?random=1724424969591&cv=11&fst=1724424969591&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg HTTP/1.1Host: repository.pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970
Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/858128210/?random=1724424969537&cv=11&fst=1724424969537&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/858128210/?random=1724424969591&cv=11&fst=1724424969591&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /td/ga/rul?tid=G-VFQWFX3X1C&gacid=1878683437.1724424970&gtm=45je48l0v898645365za200zb9103256652&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=1303857156 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/858128210/?random=1724424970523&cv=11&fst=1724424970523&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /td/rul/858128210?random=1724424970523&cv=11&fst=1724424970523&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/858128210/?random=1724424969537&cv=11&fst=1724421600000&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnf2QnO69JuSpJOjcdLHG8WwuMV4pIhNw&random=1977167486&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/858128210/?random=1724424969591&cv=11&fst=1724421600000&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfTy1eGfkXubi08cauBmi63_0jv8nCaQ&random=4069214680&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.js?nocache=1709636059406 HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
Source: global trafficHTTP traffic detected: GET /pixelgif.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
Source: global trafficHTTP traffic detected: GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg HTTP/1.1Host: repository.pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
Source: global trafficHTTP traffic detected: GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg HTTP/1.1Host: repository.pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/858128210/?random=1724424970523&cv=11&fst=1724421600000&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfHM3PPkg7qVG9o4TAu6nPPRuj6whTBQ&random=2858370071&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/858128210/?random=1724424969537&cv=11&fst=1724424969537&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/858128210/?random=1724424969591&cv=11&fst=1724424969591&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/858128210/?random=1724424970523&cv=11&fst=1724424970523&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
Source: global trafficHTTP traffic detected: GET /lp/appstore/img/favicon.ico HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091qAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/858128210/?random=1724424969537&cv=11&fst=1724421600000&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnf2QnO69JuSpJOjcdLHG8WwuMV4pIhNw&random=1977167486&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/858128210/?random=1724424969591&cv=11&fst=1724421600000&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfTy1eGfkXubi08cauBmi63_0jv8nCaQ&random=4069214680&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/858128210/?random=1724424970523&cv=11&fst=1724421600000&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfHM3PPkg7qVG9o4TAu6nPPRuj6whTBQ&random=2858370071&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /lp/appstore/img/favicon.ico HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Gt97eyoKPngYfpx&MD=SSPuEZLH HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Gt97eyoKPngYfpx&MD=SSPuEZLH HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
Source: global traffic | HTTP traffic detected: GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_mini_installer&evt_action=download_done&result=12345678-1234-5678-90AB-CDDEEFAABBCC&_fcid=1719416423291719 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_mini_installer&evt_action=done&_fcid=1719416423291719 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_installer&evt_action=internal&prev_v=fa.1091q HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_installer&evt_action=start&permision= HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_installer&evt_action=installing&e=03000200-0400-0500-0006-000700080009&u=69 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_installer&evt_action=localmac&addon[]=EC-F4-BB-82-F7-E0 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&inst_parent=&evt_src=fa_installer&evt_action=done HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /p.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=watch_dog&evt_action=signal_event&data={"counter":0,"rid":"20240823105755.8197303796","isPCAppRunning":1,"isNWStoreRunning":0,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"uiFolderExists":1,"uiFilesCount":55,"nwjsFolderExists":1,"nwjsFilesCount":132,"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"NW_storeExeExists":1,"startupFolderLnkExists":1}}&eng_time=1724432130&nocache=404 HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: d74queuslupub.cloudfront.netConnection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /p.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=watch_dog&evt_action=signal_event&data={"counter":1,"rid":"20240823105755.8197303796","isPCAppRunning":1,"isNWStoreRunning":0,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"uiFolderExists":1,"uiFilesCount":55,"nwjsFolderExists":1,"nwjsFilesCount":132,"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"NW_storeExeExists":1,"startupFolderLnkExists":1}}&eng_time=1724434528&nocache=4323 HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: d74queuslupub.cloudfront.netConnection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_product&evt_action=channel&id=-3&eng_time=1724432131432&nocache=7305953 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global traffic | HTTP traffic detected: GET /p.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=watch_dog&evt_action=signal_event&data={"counter":2,"rid":"20240823105755.8197303796","isPCAppRunning":1,"isNWStoreRunning":0,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"uiFolderExists":1,"uiFilesCount":55,"nwjsFolderExists":1,"nwjsFilesCount":132,"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"NW_storeExeExists":1,"startupFolderLnkExists":1}}&eng_time=1724436447&nocache=7458 HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: d74queuslupub.cloudfront.netConnection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /p.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=watch_dog&evt_action=signal_event&data={"counter":3,"rid":"20240823105755.8197303796","isPCAppRunning":1,"isNWStoreRunning":0,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"uiFolderExists":1,"uiFilesCount":55,"nwjsFolderExists":1,"nwjsFilesCount":132,"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"NW_storeExeExists":1,"startupFolderLnkExists":1}}&eng_time=1724438726&nocache=11180 HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: d74queuslupub.cloudfront.netConnection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /p.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=watch_dog&evt_action=signal_event&data={"counter":4,"rid":"20240823105755.8197303796","isPCAppRunning":1,"isNWStoreRunning":0,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"uiFolderExists":1,"uiFilesCount":55,"nwjsFolderExists":1,"nwjsFilesCount":132,"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"NW_storeExeExists":1,"startupFolderLnkExists":1}}&eng_time=1724440885&nocache=14707 HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: d74queuslupub.cloudfront.netConnection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_product&evt_action=channel&id=-3&eng_time=1724425090304&nocache=263843 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global traffic | DNS traffic detected: DNS query: pcapp.store
Source: global traffic | DNS traffic detected: DNS query: delivery.pcapp.store
Source: global traffic | DNS traffic detected: DNS query: repository.pcapp.store
Source: global traffic | DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic | DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: google.com
Source: global traffic | DNS traffic detected: DNS query: analytics.google.com
Source: global traffic | DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic | DNS traffic detected: DNS query: d74queuslupub.cloudfront.net
Source: unknown | HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 23 Aug 2024 14:56:12 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingVary: Accept-Encoding
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=zh-TWCtrl$1
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.dr, vi.pak.14.dr, hi.pak.14.dr, ur.pak.14.dr, mr.pak.14.drString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.dr, vi.pak.14.dr, hi.pak.14.dr, ur.pak.14.dr, mr.pak.14.drString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.dr, vi.pak.14.dr, hi.pak.14.dr, ur.pak.14.dr, mr.pak.14.drString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.dr, vi.pak.14.dr, hi.pak.14.dr, ur.pak.14.dr, mr.pak.14.drString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.dr, vi.pak.14.dr, hi.pak.14.dr, ur.pak.14.dr, mr.pak.14.drString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.dr, vi.pak.14.dr, hi.pak.14.dr, ur.pak.14.dr, mr.pak.14.drString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.dr, vi.pak.14.dr, hi.pak.14.dr, ur.pak.14.dr, mr.pak.14.drString found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
Source: Watchdog.exe, 00000011.00000002.2590550312.000001C3B9900000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000011.00000003.2526949581.000001C3B9907000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000011.00000003.2527299894.000001C3B7BAA000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000011.00000002.2588552849.000001C3B7BAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d74queuslupub.cloudfront.net/
Source: Watchdog.exe, 00000011.00000003.2526949581.000001C3B9907000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d74queuslupub.cloudfront.net/11
Source: Watchdog.exe, 00000011.00000002.2588552849.000001C3B7BAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d74queuslupub.cloudfront.net/c
Source: Watchdog.exe, 00000011.00000002.2590550312.000001C3B9900000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d74queuslupub.cloudfront.net/esk
Source: Watchdog.exe, 00000011.00000003.2526949581.000001C3B9907000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d74queuslupub.cloudfront.net/l
Source: Watchdog.exe, 00000011.00000002.2590550312.000001C3B9900000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000011.00000003.2527299894.000001C3B7BAA000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000011.00000002.2591297476.00007FF6161C9000.00000002.00000001.01000000.00000016.sdmp, Watchdog.exe, 00000011.00000000.2495694821.00007FF6161C9000.00000002.00000001.01000000.00000016.sdmp, Watchdog.exe, 00000011.00000003.2542235158.000001C3B9913000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000011.00000002.2588552849.000001C3B7BAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d74queuslupub.cloudfront.net/p.gif?guid=%ws&version=%ws&evt_src=watch_dog&evt_action=signal_
Source: Watchdog.exe, 00000011.00000002.2588552849.000001C3B7BAB000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000011.00000002.2588552849.000001C3B7C15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d74queuslupub.cloudfront.net/p.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091
Source: Watchdog.exe, 00000011.00000003.2527299894.000001C3B7BAA000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000011.00000002.2588552849.000001C3B7BAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d74queuslupub.cloudfront.net/tatic
Source: tKr6T60C1r.exe, 00000000.00000003.2107935224.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000003.2149404278.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000002.2151230417.0000000002DB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://delivery.pcapp.store/
Source: tKr6T60C1r.exe, 00000000.00000002.2150367791.0000000000480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=&evt_src=fa_mini_insta
Source: tKr6T60C1r.exe, 00000000.00000002.2151306696.0000000002DE2000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000003.2149404278.0000000002DDA000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000003.2149716367.0000000002DE1000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000002.2150075402.0000000000436000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=ersion=fa.1091q&src=pc
Source: tKr6T60C1r.exe, 00000000.00000003.2107935224.0000000002DB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=fa.1091q
Source: tKr6T60C1r.exe, 00000000.00000002.2150367791.0000000000518000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=fa.1091q/l
Source: tKr6T60C1r.exe, 00000000.00000003.2107935224.0000000002DB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=fa.1091qF
Source: tKr6T60C1r.exe, 00000000.00000003.2107935224.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000003.2149404278.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000002.2151230417.0000000002DB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://delivery.pcapp.store/il
Source: tKr6T60C1r.exe, 00000000.00000003.2107935224.0000000002DB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://delivery.pcapp.store/nd
Source: tKr6T60C1r.exe, 00000000.00000003.2107935224.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000003.2149404278.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000002.2151230417.0000000002DB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://delivery.pcapp.store/r
Source: tKr6T60C1r.exe, 00000000.00000003.2107935224.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000003.2149404278.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000002.2151230417.0000000002DB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://delivery.pcapp.store/tdy
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://ev.pcapp.store/p.gifbhistdata=ev.pcapp.store/p.gifbhistpcdetailsproductmain=%d&offer=%d&star
Source: explorer.exe, 00000012.00000000.2539905828.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2624721472.000000000C091000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.comlast_v=%ws&dl_lnk=%wsempty_instructionsno_internet_connectionend
Source: explorer.exe, 00000012.00000000.2517147132.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2606213046.00000000071FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA11f7Wa.img
Source: explorer.exe, 00000012.00000000.2517147132.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2606213046.00000000071FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000012.00000000.2517147132.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2606213046.00000000071FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1bjET8.img
Source: explorer.exe, 00000012.00000000.2517147132.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2606213046.00000000071FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1c9Jin.img
Source: explorer.exe, 00000012.00000000.2517147132.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2606213046.00000000071FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBNvr53.img
Source: Watchdog.exe, 00000011.00000003.2527299894.000001C3B7BAA000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000011.00000002.2588552849.000001C3B7BAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.dr, vi.pak.14.dr, hi.pak.14.dr, ur.pak.14.dr, mr.pak.14.drString found in binary or memory: https://myactivity.google.com/
Source: explorer.exe, 00000012.00000000.2539905828.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2624721472.000000000C091000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, ur.pak.14.drString found in binary or memory: https://passwords.google.com
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.dr, hi.pak.14.dr, mr.pak.14.drString found in binary or memory: https://passwords.google.comGoogle
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, vi.pak.14.drString found in binary or memory: https://passwords.google.comT
Source: nsrC311.tmp, 0000000E.00000003.2469627951.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2475777969.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2474134771.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2474949812.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000002.2587157310.00000000008F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/
Source: nsrC311.tmp, 0000000E.00000003.2472864538.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2469627951.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/32
Source: nsrC311.tmp, 0000000E.00000003.2474134771.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2472864538.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2474426626.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2473105915.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2473880723.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2469627951.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2475394558.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2475777969.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2474661734.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2473640251.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2474949812.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2473396155.00000000005AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/6
Source: tKr6T60C1r.exe, 00000000.00000003.1390522890.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000003.2107935224.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000003.2149404278.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000002.2151230417.0000000002DB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/?
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/?p=lpd_appstore-faq
Source: tKr6T60C1r.exe, 00000000.00000003.2149404278.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000002.2151230417.0000000002DB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/a
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://pcapp.store/account/login
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://pcapp.store/account/logintray_exit
Source: nsrC311.tmp, 0000000E.00000002.2611852104.0000000003872000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/blic
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://pcapp.store/cpg_fa.php?guid=An
Source: PcAppStore.exeString found in binary or memory: https://pcapp.store/dl_cta_open.php?guid=%ws&oid=%lu&entryApp=%ws
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://pcapp.store/dl_cta_open.php?guid=%ws&oid=%lu&entryApp=%wsdl_startoid=%d&entry_app=%ws&source
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/fa_version.php?guid=%ws&end_v=%ws&nocache=%dLastVersionauto_updaterlast_v_dl_err
Source: nsrC311.tmp, 0000000E.00000002.2609274779.0000000000562000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/inst_cpg.php?guid=&src=pcapp_full.
Source: tKr6T60C1r.exe, 00000000.00000002.2150367791.0000000000518000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/inst_cpg.php?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&ve
Source: nsrC311.tmp, 0000000E.00000002.2611852104.0000000003859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/inst_cpg.php?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&src=pcap
Source: tKr6T60C1r.exe, 00000000.00000002.2150367791.0000000000480000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000002.2609274779.0000000000562000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/installing.php?guid=&winver=
Source: tKr6T60C1r.exe, 00000000.00000003.1382481641.0000000002DB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/installing.php?guid=19882742-CC56-1A59-9779
Source: tKr6T60C1r.exe, 00000000.00000002.2151230417.0000000002DB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/installing.php?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&winver=19045&version=fa
Source: PcAppStore.exeString found in binary or memory: https://pcapp.store/notify_app_v2.php?guid=
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://pcapp.store/notify_app_v2.php?guid=&lastid=&lasttime=&nocache=&end_v=%ws%ws%ws%d%ws%d%ws%ws%
Source: nsrC311.tmp, 0000000E.00000003.2461080176.00000000005C5000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2469627951.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/ows
Source: PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://pcapp.store/pixel.gif
Source: PcAppStore.exeString found in binary or memory: https://pcapp.store/pixel.gif?guid=
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=&version=&evt_src=fa_&evt_action=&nocache=%s%s%s%s%s%s%s%s&%s%s%I
Source: nsrC311.tmp, 0000000E.00000002.2609274779.0000000000562000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=&version=&evt_src=fa_installer&evt_action=localmac
Source: PcAppStore.exe, 00000010.00000002.2587157310.00000000008F0000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000002.2587157310.000000000092E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_
Source: nsrC311.tmp, 0000000E.00000002.2609274779.00000000005AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&inst_parent
Source: tKr6T60C1r.exe, 00000000.00000003.2149626084.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=stallation?&version=RONTD~1
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://pcapp.store/pixel.gifproductstartedui_creation_errorwaiting_for_UI_connectionwaiting_for_win
Source: nsrC311.tmp, 0000000E.00000002.2609274779.0000000000562000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/privacy.html?guid=By
Source: tKr6T60C1r.exe, 00000000.00000002.2150367791.0000000000480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/privacy.html?guid=welhttps://pcapp.store/pixel.gif?guid=&version=&evt_src=fa_min
Source: nsrC311.tmp, 0000000E.00000003.2469627951.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/s
Source: nsrC311.tmp, 0000000E.00000002.2611852104.0000000003872000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/sicp
Source: nsrC311.tmp, 0000000E.00000003.2461080176.00000000005C5000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2469627951.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/stemCertificates
Source: tKr6T60C1r.exe, 00000000.00000003.2107935224.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000003.2149404278.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000002.2151230417.0000000002DB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/t
Source: tKr6T60C1r.exe, 00000000.00000002.2150367791.0000000000480000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000002.2609274779.0000000000562000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/tos.html?guid=
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://pcapp.storenamepathregpathkeydisplaycountblinkingnotificationIconrunParampathalt_linkregpath
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcappstore.s3.amazonaws.com/versionrinstruction_failed%ws?guid=%ws&nocache=%dauto_updater.ex
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.dr, vi.pak.14.dr, hi.pak.14.dr, ur.pak.14.dr, mr.pak.14.drString found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.dr, vi.pak.14.dr, hi.pak.14.dr, ur.pak.14.dr, mr.pak.14.drString found in binary or memory: https://policies.google.com/
Source: explorer.exe, 00000012.00000002.2624721472.000000000C0E6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2539905828.000000000C0E6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.com
Source: PcAppStore.exeString found in binary or memory: https://search.pcapp.store/r.html?q=%ws&br=%ws&en=%ws&guid=%ws&end_v=%ws
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://search.pcapp.store/r.html?q=%ws&br=%ws&en=%ws&guid=%ws&end_v=%wsClosingEventSoftware
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.dr, vi.pak.14.dr, hi.pak.14.dr, ur.pak.14.dr, mr.pak.14.drString found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.dr, vi.pak.14.dr, hi.pak.14.dr, ur.pak.14.dr, mr.pak.14.drString found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.dr, vi.pak.14.dr, hi.pak.14.dr, ur.pak.14.dr, mr.pak.14.drString found in binary or memory: https://support.google.com/chromebook?p=app_intent
Source: explorer.exe, 00000012.00000000.2517147132.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2606213046.00000000071FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000012.00000000.2517147132.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2606213046.00000000071FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000012.00000002.2591321598.0000000003230000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/
Source: explorer.exe, 00000012.00000000.2539905828.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2624721472.000000000C091000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, hi.pak.14.dr, mr.pak.14.drString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, ur.pak.14.drString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html&
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, vi.pak.14.drString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlT&r
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.drString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlYar&d
Source: chromecache_291.6.drString found in binary or memory: https://www.google.com/pagead/1p-user-list/858128210/?random

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 16_2_00F21D50 SetWindowsHookExW 0000000D,00F21CB0,00000000,00000000 16_2_00F21D50
Source: C:\Users\user\Desktop\tKr6T60C1r.exe Code function: 0_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_004056DE
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 16_2_00ED07D0 GetSystemMetrics,GetAsyncKeyState,GetPhysicalCursorPos,WindowFromPoint,GetWindowThreadProcessId,_DebugHeapAllocator,WaitForMultipleObjects, 16_2_00ED07D0
Source: C:\Users\user\Desktop\tKr6T60C1r.exe Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040352D
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp Code function: 14_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 14_2_00403640
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: String function: 01009A10 appears 35 times
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: String function: 00EA6690 appears 552 times
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: String function: 00EDEEB0 appears 41 times
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: String function: 00EA5F30 appears 88 times
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: String function: 00EDECF0 appears 41 times
Source: libEGL.dll.14.drStatic PE information: Number of sections : 12 > 10
Source: vk_swiftshader.dll.14.drStatic PE information: Number of sections : 11 > 10
Source: node.dll.14.drStatic PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.14.drStatic PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.14.drStatic PE information: Number of sections : 12 > 10
Source: notification_helper.exe.14.drStatic PE information: Number of sections : 13 > 10
Source: nw.dll.14.drStatic PE information: Number of sections : 15 > 10
Source: NW_store.exe.14.drStatic PE information: Number of sections : 13 > 10
Source: nw_elf.dll.14.drStatic PE information: Number of sections : 14 > 10
Source: ffmpeg.dll.14.drStatic PE information: Number of sections : 11 > 10
Source: tKr6T60C1r.exe, 00000000.00000002.2150075402.000000000040A000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameinetc.dllF vs tKr6T60C1r.exe
Source: tKr6T60C1r.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engineClassification label: mal45.spyw.evad.winEXE@26/252@31/17
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 16_2_00EB1760 _DebugHeapAllocator,task,task,task,task,_DebugHeapAllocator,task,task,task,task,_DebugHeapAllocator,_DebugHeapAllocator,task,task,task,task,GetLastError,FormatMessageW,task,task,task,task,16_2_00EB1760
Source: C:\Users\user\Desktop\tKr6T60C1r.exeCode function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpCode function: 14_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,14_2_00403640
Source: C:\Users\user\Desktop\tKr6T60C1r.exeCode function: 0_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_0040498A
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 16_2_00F1C600 GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,_DebugHeapAllocator,_DebugHeapAllocator,16_2_00F1C600
Source: C:\Users\user\Desktop\tKr6T60C1r.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 16_2_00F1A050 FindResourceW,LoadResource,LockResource,SizeofResource,GlobalAlloc,GlobalLock,GlobalUnlock,CreateStreamOnHGlobal,GetLastError,16_2_00F1A050
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore
Source: C:\Users\user\Desktop\tKr6T60C1r.exeFile created: C:\Users\user~1\AppData\Local\Temp\nshAA57.tmp
Source: tKr6T60C1r.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\tKr6T60C1r.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\Desktop\tKr6T60C1r.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\Desktop\tKr6T60C1r.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\Desktop\tKr6T60C1r.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\Desktop\tKr6T60C1r.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\tKr6T60C1r.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: SELECT sql FROM%d UNION ALL SELECT shell_add_schema(sql,mainNULL,name) AS sql, type, tbl_name, name, rowid, AS snum, AS sname FROM .sqlite_schema UNION ALL SELECT shell_module_schema(name), 'table', name, name, name, 9e+99, 'main' FROM pragma_module_list) WHERE %Qlower(printf('%s.%s',sname,tbl_name))lower(tbl_name) GLOB LIKE ESCAPE '\' AND name NOT LIKE 'sqlite_%%' AND sql IS NOT NULL ORDER BY snum, rowidSQL: %s;
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: INSERT INTO sqlite_schema(type,name,tbl_name,rootpage,sql)VALUES('table','%q','%q',0,'%q');%s
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: SELECT max(length(key)) FROM temp.sqlite_parameters;
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: CREATE TABLE ColNames( cpos INTEGER PRIMARY KEY, name TEXT, nlen INT, chop INT, reps INT, suff TEXT);CREATE VIEW RepeatedNames AS SELECT DISTINCT t.name FROM ColNames t WHERE t.name COLLATE NOCASE IN ( SELECT o.name FROM ColNames o WHERE o.cpos<>t.cpos);
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: SELECT type,name,tbl_name,sql FROM sqlite_schema ORDER BY name;
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: SELECT key, quote(value) FROM temp.sqlite_parameters;
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: SELECT 'CREATE TEMP' || substr(sql, 7) FROM sqlite_schema WHERE tbl_name = %Q AND type IN ('table', 'trigger') ORDER BY type;
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: INSERT INTO selftest(tno,op,cmd,ans) SELECT rowid*10,op,cmd,ans FROM [_shell$self];
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: SELECT * FROM "%w" ORDER BY rowid DESC;Warning: cannot step "%s" backwardsSELECT name, sql FROM sqlite_schema WHERE %sError: (%d) %s on [%s]
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: INSERT INTO sqlite_schema(type,name,tbl_name,rootpage,sql)VALUES('table','%q','%q',0,'%q');
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: SELECT * FROM "%w" ORDER BY rowid DESC;
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: SELECT tbl,idx,stat FROM sqlite_stat1 ORDER BY tbl,idx;
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: SELECT 'EXPLAIN QUERY PLAN SELECT 1 FROM ' || quote(s.name) || ' WHERE ' || group_concat(quote(s.name) || '.' || quote(f.[from]) || '=?' || fkey_collate_clause( f.[table], COALESCE(f.[to], p.[name]), s.name, f.[from]),' AND '), 'SEARCH ' || s.name || ' USING COVERING INDEX*(' || group_concat('*=?', ' AND ') || ')', s.name || '(' || group_concat(f.[from], ', ') || ')', f.[table] || '(' || group_concat(COALESCE(f.[to], p.[name])) || ')', 'CREATE INDEX ' || quote(s.name ||'_'|| group_concat(f.[from], '_')) || ' ON ' || quote(s.name) || '(' || group_concat(quote(f.[from]) || fkey_collate_clause( f.[table], COALESCE(f.[to], p.[name]), s.name, f.[from]), ', ') || ');', f.[table] FROM sqlite_schema AS s, pragma_foreign_key_list(s.name) AS f LEFT JOIN pragma_table_info AS p ON (pk-1=seq AND p.arg=f.[table]) GROUP BY s.name, f.id ORDER BY (CASE WHEN ? THEN f.[table] ELSE s.name END)
Source: PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: SELECT 'CREATE TEMP' || substr(sql, 7) FROM sqlite_schema WHERE tbl_name = %Q AND type IN ('table', 'trigger') ORDER BY type;ALTER TABLE temp.%Q RENAME TO %QINSERT INTO %Q VALUES(, %s?)UPDATE %Q SET , %s%Q=?DELETE FROM %QSELECT type, name, sql, 1 FROM sqlite_schema WHERE type IN ('table','view') AND name NOT LIKE 'sqlite_%%' UNION ALL SELECT type, name, sql, 2 FROM sqlite_schema WHERE type = 'trigger' AND tbl_name IN(SELECT name FROM sqlite_schema WHERE type = 'view') ORDER BY 4, 1CREATE TABLE x(, %s%Q COLLATE %s)CREATE VIRTUAL TABLE %Q USING expert(%Q)SELECT max(i.seqno) FROM sqlite_schema AS s, pragma_index_list(s.name) AS l, pragma_index_info(l.name) AS i WHERE s.type = 'table', %sx.%Q IS rem(%d, x.%Q) COLLATE %s%s%dSELECT %s FROM %Q x ORDER BY %sSELECT %s FROM temp.t592690916721053953805701627921227776 x ORDER BY %s%d %dDROP TABLE IF EXISTS temp.t592690916721053953805701627921227776CREATE TABLE temp.t592690916721053953805701627921227776 AS SELECT * FROM %QSELECT s.rowid, s.name, l.name FROM sqlite_schema AS s, pragma_index_list(s.name) AS l WHERE s.type = 'table'SELECT name, coll FROM pragma_index_xinfo(?) WHERE keyINSERT INTO sqlite_stat1 VALUES(?, ?, ?)ANALYZE; PRAGMA writable_schema=1remsampleDROP TABLE IF EXISTS temp.t592690916721053953805701627921227776ANALYZE sqlite_schemaDROP TABLE IF EXISTS temp.t592690916721053953805701627921227776:memory::memory:SELECT sql FROM sqlite_schema WHERE name NOT LIKE 'sqlite_%%' AND sql NOT LIKE 'CREATE VIRTUAL %%'Cannot find a unique index name to propose. -- stat1: %s;%s%s
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: INSERT OR IGNORE INTO "%s" VALUES(?,?);Error %d: %s on [%s]
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494980919.0000000001070000.00000008.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpBinary or memory string: SELECT name,seq FROM sqlite_sequence ORDER BY name;
Source: C:\Users\user\Desktop\tKr6T60C1r.exeFile read: C:\Users\user\Desktop\tKr6T60C1r.exe
Source: unknownProcess created: C:\Users\user\Desktop\tKr6T60C1r.exe "C:\Users\user\Desktop\tKr6T60C1r.exe"
Source: C:\Users\user\Desktop\tKr6T60C1r.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&winver=19045&version=fa.1091q&nocache=20240823105604.466&_fcid=1719416423291719
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1996,i,5813096633324106797,11268818542234249706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5400 --field-trial-handle=1996,i,5813096633324106797,11268818542234249706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1996,i,5813096633324106797,11268818542234249706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\tKr6T60C1r.exeProcess created: C:\Users\user\AppData\Local\Temp\nsrC311.tmp "C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp" /internal 1719416423291719 /force
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpProcess created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpProcess created: C:\Users\user\PCAppStore\Watchdog.exe "C:\Users\user\PCAppStore\Watchdog.exe" /guid=19882742-CC56-1A59-9779-FB8CBFA1E29D /rid=20240823105755.8197303796 /ver=fa.1091q
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: oleacc.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: shfolder.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: amsi.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: winhttp.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: winnsi.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: urlmon.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: schannel.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: ntasn1.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: msasn1.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: dpapi.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: gpapi.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: ncrypt.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: riched20.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: usp10.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: msls31.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: windows.shell.servicehostbuilder.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: ieframe.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: netapi32.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: wkscli.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: edputil.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: secur32.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: mlang.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: policymanager.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: msvcp110_win.dll
Source: C:\Users\user\Desktop\tKr6T60C1r.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpSection loaded: cscapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wlanapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: uiamanager.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.cloudstore.schema.shell.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: cdprt.dllJump to behavior
Source: C:\Users\user\Desktop\tKr6T60C1r.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: PC App Store.lnk.14.drLNK file: ..\..\..\..\..\..\PCAppStore\PcAppStore.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCAppStoreJump to behavior
Source: tKr6T60C1r.exeStatic PE information: certificate valid
Source: tKr6T60C1r.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Build\Build_1091q_D20240621T152345\fa_rss\AppStoreUpdater\Release\auto_updater.pdb source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Build\Build_1091q_D20240621T152345\fa_rss\Watchdog\x64\Release\Watchdog.pdb source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000011.00000002.2591297476.00007FF6161C9000.00000002.00000001.01000000.00000016.sdmp, Watchdog.exe, 00000011.00000000.2495694821.00007FF6161C9000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: C:\Build\Build_1091q_D20240621T152345\fa_rss\AppStoreUpdater\Release\auto_updater.pdb5 source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\zak\Downloads\Inetc\Unicode\Plugins\inetc.pdb source: tKr6T60C1r.exe, 00000000.00000002.2150075402.000000000040A000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Build\Build_1091q_D20240621T152345\fa_rss\engine\Release\PCAppStore.pdb source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpCode function: 14_2_70141BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,14_2_70141BFF
Source: nsJSON.dll.14.drStatic PE information: real checksum: 0x0 should be: 0x6718
Source: libEGL.dll.14.drStatic PE information: real checksum: 0x0 should be: 0x7ddc6
Source: vk_swiftshader.dll.14.drStatic PE information: real checksum: 0x0 should be: 0x44caa7
Source: System.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x3d68
Source: inetc.dll.14.drStatic PE information: real checksum: 0x0 should be: 0x13c41
Source: nsJSON.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x6718
Source: vulkan-1.dll.14.drStatic PE information: real checksum: 0x0 should be: 0xe0b14
Source: System.dll.14.drStatic PE information: real checksum: 0x0 should be: 0x3d68
Source: libGLESv2.dll.14.drStatic PE information: real checksum: 0x0 should be: 0x7b9652
Source: notification_helper.exe.14.drStatic PE information: real checksum: 0x0 should be: 0x11edb8
Source: tKr6T60C1r.exeStatic PE information: real checksum: 0x26a47 should be: 0x21cdb
Source: Math.dll.14.drStatic PE information: real checksum: 0x0 should be: 0x155a8
Source: NW_store.exe.14.drStatic PE information: real checksum: 0x0 should be: 0x23ab08
Source: nw_elf.dll.14.drStatic PE information: real checksum: 0x0 should be: 0x124d11
Source: inetc.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x13c41
Source: ffmpeg.dll.14.drStatic PE information: real checksum: 0x0 should be: 0x1f8136
Source: nsDialogs.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x2f9b
Source: NW_store.exe.14.drStatic PE information: section name: .gxfg
Source: NW_store.exe.14.drStatic PE information: section name: .retplne
Source: NW_store.exe.14.drStatic PE information: section name: .voltbl
Source: NW_store.exe.14.drStatic PE information: section name: CPADinfo
Source: NW_store.exe.14.drStatic PE information: section name: _RDATA
Source: NW_store.exe.14.drStatic PE information: section name: malloc_h
Source: ffmpeg.dll.14.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll.14.drStatic PE information: section name: .retplne
Source: ffmpeg.dll.14.drStatic PE information: section name: .voltbl
Source: ffmpeg.dll.14.drStatic PE information: section name: _RDATA
Source: libEGL.dll.14.drStatic PE information: section name: .gxfg
Source: libEGL.dll.14.drStatic PE information: section name: .retplne
Source: libEGL.dll.14.drStatic PE information: section name: .voltbl
Source: libEGL.dll.14.drStatic PE information: section name: _RDATA
Source: libEGL.dll.14.drStatic PE information: section name: malloc_h
Source: libGLESv2.dll.14.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll.14.drStatic PE information: section name: .retplne
Source: libGLESv2.dll.14.drStatic PE information: section name: .voltbl
Source: libGLESv2.dll.14.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll.14.drStatic PE information: section name: malloc_h
Source: node.dll.14.drStatic PE information: section name: .gxfg
Source: node.dll.14.drStatic PE information: section name: .retplne
Source: node.dll.14.drStatic PE information: section name: .voltbl
Source: node.dll.14.drStatic PE information: section name: _RDATA
Source: notification_helper.exe.14.drStatic PE information: section name: .gxfg
Source: notification_helper.exe.14.drStatic PE information: section name: .retplne
Source: notification_helper.exe.14.drStatic PE information: section name: .voltbl
Source: notification_helper.exe.14.drStatic PE information: section name: CPADinfo
Source: notification_helper.exe.14.drStatic PE information: section name: _RDATA
Source: notification_helper.exe.14.drStatic PE information: section name: malloc_h
Source: nw.dll.14.drStatic PE information: section name: .gxfg
Source: nw.dll.14.drStatic PE information: section name: .retplne
Source: nw.dll.14.drStatic PE information: section name: .rodata
Source: nw.dll.14.drStatic PE information: section name: .voltbl
Source: nw.dll.14.drStatic PE information: section name: CPADinfo
Source: nw.dll.14.drStatic PE information: section name: LZMADEC
Source: nw.dll.14.drStatic PE information: section name: _RDATA
Source: nw.dll.14.drStatic PE information: section name: malloc_h
Source: nw_elf.dll.14.drStatic PE information: section name: .crthunk
Source: nw_elf.dll.14.drStatic PE information: section name: .gxfg
Source: nw_elf.dll.14.drStatic PE information: section name: .retplne
Source: nw_elf.dll.14.drStatic PE information: section name: .voltbl
Source: nw_elf.dll.14.drStatic PE information: section name: CPADinfo
Source: nw_elf.dll.14.drStatic PE information: section name: _RDATA
Source: nw_elf.dll.14.drStatic PE information: section name: malloc_h
Source: vk_swiftshader.dll.14.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll.14.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll.14.drStatic PE information: section name: .voltbl
Source: vk_swiftshader.dll.14.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll.14.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll.14.drStatic PE information: section name: .retplne
Source: vulkan-1.dll.14.drStatic PE information: section name: .voltbl
Source: vulkan-1.dll.14.drStatic PE information: section name: _RDATA
Source: Watchdog.exe.14.drStatic PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpCode function: 14_2_701430C0 push eax; ret 14_2_701430EE
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpCode function: 14_2_701799C0 push eax; ret 14_2_701799EE
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 16_2_010093E2 push ecx; ret 16_2_010093F5
Source: C:\Users\user\Desktop\tKr6T60C1r.exeFile created: C:\Users\user\AppData\Local\Temp\nshAA58.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore\Uninstaller.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore\nwjs\nw_elf.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore\AutoUpdater.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore\nwjs\nw.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\AppData\Local\Temp\nsiEA2C.tmp\nsJSON.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore\nwjs\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\Desktop\tKr6T60C1r.exeFile created: C:\Users\user\AppData\Local\Temp\nshAA58.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\tKr6T60C1r.exeFile created: C:\Users\user\AppData\Local\Temp\nshAA58.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore\nwjs\libGLESv2.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore\nwjs\node.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore\Watchdog.exeJump to dropped file
Source: C:\Users\user\Desktop\tKr6T60C1r.exeFile created: C:\Users\user\AppData\Local\Temp\nshAA58.tmp\nsJSON.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\AppData\Local\Temp\nsiEA2C.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore\nwjs\notification_helper.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore\nwjs\NW_store.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\AppData\Local\Temp\nsiEA2C.tmp\System.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\AppData\Local\Temp\nsiEA2C.tmp\Math.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore\nwjs\vulkan-1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore\PcAppStore.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore\nwjs\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore\nwjs\ffmpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\tKr6T60C1r.exeFile created: C:\Users\user\AppData\Local\Temp\nsrC311.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore\nwjs\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore\ui\static\js\2.0e8f1429.chunk.js.LICENSE.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\PCAppStore\ReadMe.txtJump to behavior

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PcAppStoreUpdaterJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WatchdogJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PCAppStoreJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnkJump to behavior
Source: C:\Users\user\Desktop\tKr6T60C1r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\tKr6T60C1r.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Caption from Win32_DiskDrive
Source: C:\Users\user\Desktop\tKr6T60C1r.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Size from Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Caption from Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Size from Win32_DiskDrive
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 16_2_00F1C600 GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,_DebugHeapAllocator,_DebugHeapAllocator,16_2_00F1C600
Source: C:\Users\user\PCAppStore\Watchdog.exeThread delayed: delay time: 300000Jump to behavior
Source: C:\Users\user\Desktop\tKr6T60C1r.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nshAA58.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\Uninstaller.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\nw_elf.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiEA2C.tmp\Math.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\AutoUpdater.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\vulkan-1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\nw.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiEA2C.tmp\nsJSON.dllJump to dropped file
Source: C:\Users\user\Desktop\tKr6T60C1r.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nshAA58.tmp\System.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\tKr6T60C1r.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nshAA58.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\node.dllJump to dropped file
Source: C:\Users\user\Desktop\tKr6T60C1r.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nshAA58.tmp\nsJSON.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiEA2C.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\ffmpeg.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\notification_helper.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\NW_store.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiEA2C.tmp\System.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\PCAppStore\PcAppStore.exeAPI coverage: 8.3 %
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 3952Thread sleep count: 37 > 30Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 3952Thread sleep time: -2220000s >= -30000sJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 5084Thread sleep time: -300000s >= -30000sJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 3952Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\tKr6T60C1r.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select ReleaseDate from Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select ReleaseDate from Win32_BIOS
Source: C:\Users\user\Desktop\tKr6T60C1r.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select UUID from Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\tKr6T60C1r.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Vendor from Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\tKr6T60C1r.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Version from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select UUID from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Vendor from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Version from Win32_ComputerSystemProduct
Source: C:\Users\user\PCAppStore\PcAppStore.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\tKr6T60C1r.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\Desktop\tKr6T60C1r.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\Desktop\tKr6T60C1r.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\Desktop\tKr6T60C1r.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\PCAppStore\Watchdog.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\tKr6T60C1r.exeCode function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
Source: C:\Users\user\Desktop\tKr6T60C1r.exeCode function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
Source: C:\Users\user\Desktop\tKr6T60C1r.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpCode function: 14_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,14_2_00405D74
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpCode function: 14_2_0040699E FindFirstFileW,FindClose,14_2_0040699E
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmpCode function: 14_2_0040290B FindFirstFileW,14_2_0040290B
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 16_2_00F0DC60 FindFirstFileExW,GetLastError,_DebugHeapAllocator,DeleteFileW,FindNextFileW,GetLastError,RemoveDirectoryW,16_2_00F0DC60
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 16_2_00FF51F2 FindFirstFileExW,16_2_00FF51F2
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 16_2_00FF51D2 FindClose,FindFirstFileExW,GetLastError,16_2_00FF51D2
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 16_2_0101D052 FindFirstFileExW,GetLastError,16_2_0101D052
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 16_2_00FF5229 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,16_2_00FF5229
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 16_2_00F27B40 FindFirstFileW,FindClose,16_2_00F27B40
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 17_2_00007FF6161B15F0 FindClose,FindFirstFileExW,GetLastError,17_2_00007FF6161B15F0
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 17_2_00007FF6161B1664 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,17_2_00007FF6161B1664
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 17_2_00007FF6161C0A18 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,17_2_00007FF6161C0A18
Source: C:\Users\user\PCAppStore\Watchdog.exeThread delayed: delay time: 60000Jump to behavior
Source: tKr6T60C1r.exe, 00000000.00000003.1333478147.0000000000554000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: {"system_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003105718%2E000000%2B120","os_processes":"103","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"CTX1TBK","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"CGP99SO_+SCSI+Disk+Device","disk_size":"412300001200","sec_as":"","sec_av":"Windows+Defender","sec_fw":"","bios_releasedate":"20221121000000%2E000000%2B000"},"pcapps":{"0":"7-Zip+23%2E01+%28x64%29","1":"Mozilla+Firefox+%28x64+en-US%29","2":"Mozilla+Maintenance+Service","3":"Microsoft+Office+Professional+Plus+2019+-+en-us","4":"Microsoft+Visual+C%2B%2B+2022+X64+Additional+Runtime+-+14%2E36%2E32532","5":"Office+16+Click-to-Run+Licensing+Component","6":"Office+16+Click-to-Run+Extensibility+Component+64-bit+Registration","7":"Adobe+Acrobat+%2864-bit%29","8":"Microsoft+Visual+C%2B%2B+2022+X64+Minimum+Runtime+-+14%2E36%2E32532","9":"Microsoft%2BVisual%2BC%252B%252B%2B2022%2BX64%2BMinimum%2BRuntime%2B-%2B14%252E36%252E32532","10":"Microsoft%252BVisual%252BC%25252B%25252B%252B2022%252BX64%252BMinimum%252BRuntime%252B-%252B14%25252E36%25252E32532","11":"Microsoft%25252BVisual%25252BC%2525252B%2525252B%25252B2022%25252BX64%25252BMinimum%25252BRuntime%25252B-%25252B14%2525252E36%2525252E32532","12":"Google+Chrome","13":"Microsoft+Edge","14":"Microsoft+Edge+Update","15":"Microsoft+Edge+WebView2+Runtime","16":"Java+Auto+Updater","17":"Java+8+Update+381","18":"Microsoft+Visual+C%2B%2B+2015-2022+Redistributable+%28x64%29+-+14%2E36%2E32532","19":"Office+16+Click-to-Run+Extensibility+Component"},"sys_lang":"en-GB","parent_proc":"explorer%2Eexe"}
Source: explorer.exe, 00000012.00000000.2507994945.0000000000C74000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000I
Source: tKr6T60C1r.exe, 00000000.00000003.1333434642.000000000051A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: GU0jMstem_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003105718%2E000000%2B120","os_processes":"103","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"CTX1TBK","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"CGP99SO_+SCSI+Disk+Device",
Source: explorer.exe, 00000012.00000002.2591321598.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
Source: Watchdog.exe, 00000011.00000002.2588552849.000001C3B7B7F000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000011.00000003.2527732985.000001C3B7B7F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
Source: explorer.exe, 00000012.00000000.2532438302.0000000008DFE000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: BBSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: nsrC311.tmp, 0000000E.00000003.2474949812.00000000005C6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: LstringVMware, Inc.t32<c
Source: tKr6T60C1r.exe, 00000000.00000002.2150367791.0000000000553000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000002.2150367791.0000000000534000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2474134771.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2472864538.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2460906844.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2474426626.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2473105915.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2473880723.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000002.2611852104.0000000003820000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2469627951.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2475394558.00000000005AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: explorer.exe, 00000012.00000002.2591321598.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.NoneVMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9dVMware20,1
Source: tKr6T60C1r.exe, 00000000.00000002.2150367791.0000000000480000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware%2C+Inc%2E
Source: PcAppStore.exe, 00000010.00000002.2587157310.00000000008F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringComputer System ProductComputer System ProductDWACU819882742-CC56-1A59-9779-FB8CBFA1E29DVMware, I*+K
Source: PcAppStore.exe, 00000010.00000002.2587157310.0000000000939000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SeE
Source: explorer.exe, 00000012.00000002.2591321598.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.VMW201.00V.20829224.B64.221121184211/21/2022
Source: tKr6T60C1r.exe, 00000000.00000003.1331825361.000000000051A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: {"system_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003105718%2E000000%2B120","os_processes":"103","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"CTX1TBK","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"CGP99SO_+SCSI+Disk+Device","disk_size":"412300001200","sec_as":"","sec_av":"Windows+Defender","sec_fw":"","bios_releasedate":"20221121000000%2E000000%2B000"},"pcapps":{"0":"7-Zip+23%2E01+%28x64%29",
Source: explorer.exe, 00000012.00000002.2591321598.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
Source: explorer.exe, 00000012.00000000.2517147132.0000000007306000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_xU1
Source: tKr6T60C1r.exe, 00000000.00000003.1331825361.000000000051A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: !Rstem_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003105718%2E000000%2B120","os_processes":"103","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"CTX1TBK","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"CGP99SO_+SCSI+Disk+Device",
Source: explorer.exe, 00000012.00000000.2532438302.0000000008DFE000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}e
Source: PcAppStore.exe, 00000010.00000003.2505394240.00000000008F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringComputer System ProductComputer System ProductDWACU819882742-CC56-1A59-9779-FB8CBFA1E29DVMware, Inc.None3
Source: nsrC311.tmp, 0000000E.00000003.2474949812.00000000005C6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: LstringVMware, Inc.4
Source: explorer.exe, 00000012.00000002.2612829458.0000000009052000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000}io
Source: explorer.exe, 00000012.00000000.2532438302.0000000008F4D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000I}~"
Source: explorer.exe, 00000012.00000000.2532438302.0000000008F4D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
Source: tKr6T60C1r.exe, 00000000.00000003.1333434642.000000000051A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: GUstem_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003105718%2E000000%2B120","os_processes":"103","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"CTX1TBK","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"CGP99SO_+SCSI+Disk+Device","disk_size":"412300001200","sec_as":"","sec_av":"Windows+Defender","sec_fw":"","bios_releasedate":"20221121000000%2E000000%2B000"},"pcapps":{"0":"7-Zip+23%2E01+%28x64%29","1":"Mozilla+Firefox+%28x64+en-US%29","2":"Mozilla+Maintenance+Service","3":"Microsoft+Office+Professional+Plus+2019+-+en-us","4":"Microsoft+Visual+C%2B%2B+2022+X64+Additional+Runtime+-+14%2E36%2E32532","5":"Office+16+Click-to-Run+Licensing+Component","6":"Office+16+Click-to-Run+Extensibility+Component+64-bit+Registration",
Source: explorer.exe, 00000012.00000002.2612829458.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2532438302.0000000008DFE000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWystem32\DriverStore\en-US\machine.inf_loc5
Source: nsrC311.tmp, 0000000E.00000003.2475777969.00000000005C6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware%2C+Inc%2E
Source: explorer.exe, 00000012.00000002.2591321598.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware20,1
Source: explorer.exe, 00000012.00000002.2591321598.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware Virtual RAM00000001VMW-4096MBRAM slot #0RAM slot #0
Source: tKr6T60C1r.exe, 00000000.00000003.1333478147.0000000000554000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Rstem_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003105718%2E000000%2B120","os_processes":"103","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"CTX1TBK","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"CGP99SO_+SCSI+Disk+Device","disk_size":"412300001200","sec_as":"","sec_av":"Windows+Defender","sec_fw":"","bios_releasedate":"20221121000000%2E000000%2B000"},"pcapps":{"0":"7-Zip+23%2E01+%28x64%29","1":"Mozilla+Firefox+%28x64+en-US%29","2":"Mozilla+Maintenance+Service","3":"Microsoft+Office+Professional+Plus+2019+-+en-us","4":"Microsoft+Visual+C%2B%2B+2022+X64+Additional+Runtime+-+14%2E36%2E32532","5":"Office+16+Click-to-Run+Licensing+Component","6":"Office+16+Click-to-Run+Extensibility+Component+64-bit+Registration","7":"Adobe+Acrobat+%2864-bit%29","8":"Microsoft+Visual+C%2B%2B+2022+X64+Minimum+Runtime+-+14%2E36%2E32532","9":"Microsoft%2BVisual%2BC%252B%252B%2B2022%2BX64%2BMinimum%2BRuntime%2B-%2B14%252E36%252E32532","10":"Microsoft%252BVisual%252BC%25252B%25252B%252B2022%252BX64%252BMinimum%252BRuntime%252B-%252B14%25252E36%25252E32532","11":"Microsoft%25252BVisual%25252BC%2525252B%2525252B%25252B2022%25252BX64%25252BMinimum%25252BRuntime%25252B-%25252B14%2525252E36%2525252E32532","12":"Google+Chrome","13":"Microsoft+Edge",
Source: explorer.exe, 00000012.00000000.2532438302.0000000008DFE000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMWare
Source: explorer.exe, 00000012.00000002.2612829458.0000000009052000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000'
Source: explorer.exe, 00000012.00000000.2517147132.0000000007306000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: explorer.exe, 00000012.00000002.2612829458.0000000008F27000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2532438302.0000000008F27000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWT`
Source: explorer.exe, 00000012.00000002.2591321598.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SVGA IIES1371
Source: explorer.exe, 00000012.00000002.2591321598.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware Virtual RAM
Source: PcAppStore.exe, 00000010.00000002.2587157310.00000000008F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, I*+K
Source: PcAppStore.exe, 00000010.00000003.2505394240.00000000008CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringComputer System ProductComputer System ProductDWACU819882742-CC56-1A59-9779-FB8CBFA1E29DVMware, Inc.Noney*
Source: explorer.exe, 00000012.00000000.2507994945.0000000000C74000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000012.00000002.2591321598.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
Source: explorer.exe, 00000012.00000000.2532438302.0000000008DFE000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000012.00000000.2507994945.0000000000C74000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\tKr6T60C1r.exe API call chain: ExitProcess graph end node graph_0-3503
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp API call chain: ExitProcess graph end node graph_14-12447
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp API call chain: ExitProcess graph end node graph_14-12227
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp API call chain: ExitProcess graph end node graph_14-13815
Source: C:\Users\user\Desktop\tKr6T60C1r.exe Process information queried: ProcessInformation
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 16_2_0100E4EB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_0100E4EB
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 17_2_00007FF6161B1FD4 __vcrt_InitializeCriticalSectionEx,GetLastError,IsDebuggerPresent,OutputDebugStringW,17_2_00007FF6161B1FD4
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 16_2_00F1C600 GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,_DebugHeapAllocator,_DebugHeapAllocator,16_2_00F1C600
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp Code function: 14_2_70141BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,14_2_70141BFF
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 16_2_00F08B20 std::bad_exception::bad_exception,GetProcessHeap,HeapAlloc,std::bad_alloc::bad_alloc,16_2_00F08B20
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 16_2_0100E4EB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_0100E4EB
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 16_2_01009A7E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_01009A7E
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 17_2_00007FF6161B8588 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00007FF6161B8588
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 17_2_00007FF6161B2F04 SetUnhandledExceptionFilter,17_2_00007FF6161B2F04
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 17_2_00007FF6161B23C0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,17_2_00007FF6161B23C0
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 17_2_00007FF6161B2D1C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00007FF6161B2D1C
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 16_2_00F22480 keybd_event,keybd_event,_DebugHeapAllocator,task,SetForegroundWindow,SetFocus,16_2_00F22480
Source: C:\Users\user\Desktop\tKr6T60C1r.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&winver=19045&version=fa.1091q&nocache=20240823105604.466&_fcid=1719416423291719
Source: PcAppStore.exe, explorer.exe, 00000012.00000000.2515937995.0000000004880000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2605210976.0000000004880000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2510034946.0000000001441000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000012.00000000.2510034946.0000000001441000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000002.2590143179.0000000001440000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
Source: explorer.exe, 00000012.00000000.2510034946.0000000001441000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000002.2590143179.0000000001440000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: ?Program Manager
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: productui_creation_failedcreation_error=%wsui_termination_errordirectory_switching_error.\nwjs\NW_store.exe.\ui\.Shell_TrayWndStartTrayDummySearchControlTrayButton
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Q2Hp\\.\pipe\pcappstoreClosingEventproductmessage_sending_error{"app":{"create_window":"%ws"}}recipient is not initialized: unknown recipient: productconnection_errorCreating a pipe instance failedUnnecessary connection was detected. The list of expected windows is emptyproductconnection_errorcritical_connection_errorproductconnection_errormainsettingsmenu_storeoffermenu_searchtopbarnotificationswidgetallNWidgetShell_TrayWndTrayNotifyWndTrayButtonPNGArial+++
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: StartMenuExperienceHost.exeShellExperienceHost.exeexplorer.exeSearchApp.exeSearchUI.exeSearchHost.exe{"app":{"menu_search":{"search_request":"", "page":"a", "top":%d,"left":%d,"bottom":%d,"right":%d},"show_window": "menu_search"}}{"app": {"hide_window": "menu_search"}}Shell_TrayWndStartTrayDummySearchControlTrayButton
Source: explorer.exe, 00000012.00000002.2587071216.0000000000C59000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2507994945.0000000000C59000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1Progman
Source: PcAppStore.exe, 00000010.00000002.2586043141.00000000006FB000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: shell_traywnd\
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: TTaskbarShell_TrayWndreload_from_ui_thread{"app" : {"show_window":"settings"}}{"app" : {"show_window":"main"}}close_from_ui_threadreload_from_ui_thread{"app" : {"show_window":"settings"}}{"app" : {"show_window":"main"}}LastIDLastTime{"app": {"notifications": {"offerIsOpen": true}}}{"app":{"offer":{"offerInfo":{"url":"%ws","oid":%ws,"otype":"%ws","sessionId":"%ws"}},"show_window":"offer"}}{"app" : {"show_window":"main"}}{"app" : {"alive_window" : "%ws"}}{"app" : {"hide_window":"%ws"}}{"app": {"notifications": {"offerIsOpen": false}}}windowpageab{"app" : {"show_window":"menu_search"}}productwindow_showing_erroreM=%wsopenproductr_bin_open_error&eCode=%luopenproductcalc_error&eCode=%luproducterrorerrMsg=Invalid_File_Path{"app":{"%ws":{"app_status":{"name":"%ws","status":"%ws"}}}}noneinstalledxywidgetInfoproductwidget_info_errorunknown_ui_messagemsg=%wsInstanceThread: client disconnected.
Source: explorer.exe, 00000012.00000000.2510034946.0000000001441000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000002.2590143179.0000000001440000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
Source: nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Eparamsnametype must be string, but is paramsnameurloidentryAppfilePath0e+000e+00C++/WinRT version:2.0.220110.5RoGetActivationFactorycombase.dllCoIncrementMTAUsagecombase.dll.dllDllGetActivationFactoryRoGetActivationFactorycombase.dllCoIncrementMTAUsagecombase.dll.dllDllGetActivationFactory^(https?://(?:www.)?([^/]+))(/.*)?$URL format is not valid : %wsWinHTTP 1.0handle initialization failuretimeout init failurehandle connection failureGEThandle request creation failurehandle request or response failurefile creation failurequery data not availableurloidlastTimeoTypesessionIdtagretmessageiconnamepathoidanimationsoundmenu_storemenu_searchhttps://pcapp.storenamepathregpathkeydisplaycountblinkingnotificationIconrunParampathalt_linkregpathkeyidproductr_binErreCode=%dnfinityanindsnanproductcreate_shortcutshortcut_erroroid=%luSHGetFolderPath_error_code=%X&oid=%luQueryInterface_error_code=%X&oid=%luCoCreateInstance_error_code=%X&oid=%lu.lnknfinityanindsnan\Fast Corporation LTDLogonTriggerPT30S\\0p+00p+0PCAppStoreUpdater"%ws\AutoUpdater.exe"/iPT18Hproducttask_creation_failedtsh_creation_res=%dproductGetCurrentDirectory_failedPCAppStoreUpdaterproducttask_creation_failedtsh_deletion_res=%dShell_TrayWndtype must be string, but is type must be number, but is type must be number, but is infnan(ind)nannan(snan)infnan(ind)nannan(snan)infnan(ind)nannan(snan)infnan(ind)nannan(snan)infnan(ind)nannan(snan)infnan(ind)nannan(snan)unknown%02XunknownSoftware\Microsoft\Windows\CurrentVersion\RunPCAppStore/initproductapp_param_changedLTR"%ws" %ws %wsRTLLTRSoftware\PCAppStoreAppParamdefaultauto_start_oncontextual_offersperiodical_offerspersonilized_notifications\\\HKEY_CLASSES_ROOTHKEY_CURRENT_USERHKEY_LOCAL_MACHINEHKEY_USERSHKEY_CURRENT_CONFIG%us%5B%5D=%s\u%0.4x
Source: PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: paramsnametype must be string, but is paramsnameurloidentryAppfilePath0e+000e+00C++/WinRT version:2.0.220110.5RoGetActivationFactorycombase.dllCoIncrementMTAUsagecombase.dll.dllDllGetActivationFactoryRoGetActivationFactorycombase.dllCoIncrementMTAUsagecombase.dll.dllDllGetActivationFactory^(https?://(?:www.)?([^/]+))(/.*)?$URL format is not valid : %wsWinHTTP 1.0handle initialization failuretimeout init failurehandle connection failureGEThandle request creation failurehandle request or response failurefile creation failurequery data not availableurloidlastTimeoTypesessionIdtagretmessageiconnamepathoidanimationsoundmenu_storemenu_searchhttps://pcapp.storenamepathregpathkeydisplaycountblinkingnotificationIconrunParampathalt_linkregpathkeyidproductr_binErreCode=%dnfinityanindsnanproductcreate_shortcutshortcut_erroroid=%luSHGetFolderPath_error_code=%X&oid=%luQueryInterface_error_code=%X&oid=%luCoCreateInstance_error_code=%X&oid=%lu.lnknfinityanindsnan\Fast Corporation LTDLogonTriggerPT30S\\0p+00p+0PCAppStoreUpdater"%ws\AutoUpdater.exe"/iPT18Hproducttask_creation_failedtsh_creation_res=%dproductGetCurrentDirectory_failedPCAppStoreUpdaterproducttask_creation_failedtsh_deletion_res=%dShell_TrayWndtype must be string, but is type must be number, but is type must be number, but is infnan(ind)nannan(snan)infnan(ind)nannan(snan)infnan(ind)nannan(snan)infnan(ind)nannan(snan)infnan(ind)nannan(snan)infnan(ind)nannan(snan)unknown%02XunknownSoftware\Microsoft\Windows\CurrentVersion\RunPCAppStore/initproductapp_param_changedLTR"%ws" %ws 
%wsRTLLTRSoftware\PCAppStoreAppParamdefaultauto_start_oncontextual_offersperiodical_offerspersonilized_notifications\\\HKEY_CLASSES_ROOTHKEY_CURRENT_USERHKEY_LOCAL_MACHINEHKEY_USERSHKEY_CURRENT_CONFIG%us%5B%5D=%s\u%0.4x
Source: PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: p\\.\pipe\pcappstoreClosingEventproductmessage_sending_error{"app":{"create_window":"%ws"}}recipient is not initialized: unknown recipient: productconnection_errorCreating a pipe instance failedUnnecessary connection was detected. The list of expected windows is emptyproductconnection_errorcritical_connection_errorproductconnection_errormainsettingsmenu_storeoffermenu_searchtopbarnotificationswidgetallNWidgetShell_TrayWndTrayNotifyWndTrayButtonPNGArial+++
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 17_2_00007FF6161C6EB0 cpuid 17_2_00007FF6161C6EB0
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: GetLocaleInfoEx,FormatMessageA,16_2_00FF41AA
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: _DebugHeapAllocator,GetLocaleInfoEx,GetLocaleInfoEx,task,16_2_00F00BB0
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: GetLocaleInfoEx,FormatMessageA,17_2_00007FF6161B135C
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 16_2_00F17B30 _DebugHeapAllocator,CreateNamedPipeW,16_2_00F17B30
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 16_2_00FF84DF GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,16_2_00FF84DF
Source: C:\Users\user\Desktop\tKr6T60C1r.exe Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\tKr6T60C1r.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiSpywareProduct
Source: C:\Users\user\Desktop\tKr6T60C1r.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiVirusProduct
Source: C:\Users\user\Desktop\tKr6T60C1r.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiSpywareProduct
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\nsrC311.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from FirewallProduct
Source: gu.pak.info.14.drBinary or memory string: IDS_WIN_8_1_OBSOLETE,943,../../chrome/app/chromium_strings.grd
Source: gu.pak.info.14.drBinary or memory string: IDS_WIN_XP_VISTA_OBSOLETE,940,../../chrome/app/chromium_strings.grd
Source: gu.pak.info.14.drBinary or memory string: IDS_WIN_8_OBSOLETE,942,../../chrome/app/chromium_strings.grd
Source: gu.pak.info.14.drBinary or memory string: IDS_WIN_7_OBSOLETE,941,../../chrome/app/chromium_strings.grd
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 141 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 111 Input Capture | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 2 Obfuscated Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 111 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Windows Service | 1 Access Token Manipulation | 1 DLL Side-Loading | Security Account Manager | 156 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | 111 Registry Run Keys / Startup Folder | 1 Windows Service | 1 DLL Search Order Hijacking | NTDS | 271 Security Software Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 13 Process Injection | 1 Masquerading | LSA Secrets | 141 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 111 Registry Run Keys / Startup Folder | 141 Virtualization/Sandbox Evasion | Cached Domain Credentials | 3 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 13 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
[Behavior graph. ID: 1498107; Sample: tKr6T60C1r.exe; Start date: 23/08/2024; Architecture: WINDOWS; Score: 45]

No Antivirus matches
| Source | Detection | Scanner | Label | Link |
| C:\Users\user\AppData\Local\Temp\nshAA58.tmp\System.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nshAA58.tmp\inetc.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nshAA58.tmp\nsDialogs.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nshAA58.tmp\nsJSON.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsiEA2C.tmp\Math.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsiEA2C.tmp\System.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsiEA2C.tmp\inetc.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsiEA2C.tmp\nsJSON.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsrC311.tmp | 11% | ReversingLabs | | |
| C:\Users\user\PCAppStore\AutoUpdater.exe | 25% | ReversingLabs | | |
| C:\Users\user\PCAppStore\PcAppStore.exe | 46% | ReversingLabs | Win32.PUA.Generic | |
| C:\Users\user\PCAppStore\Uninstaller.exe | 13% | ReversingLabs | | |
| C:\Users\user\PCAppStore\Watchdog.exe | 38% | ReversingLabs | Win64.PUA.Generic | |
| C:\Users\user\PCAppStore\nwjs\NW_store.exe | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\d3dcompiler_47.dll | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\ffmpeg.dll | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\libEGL.dll | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\libGLESv2.dll | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\node.dll | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\notification_helper.exe | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\nw.dll | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\nw_elf.dll | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\vk_swiftshader.dll | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\vulkan-1.dll | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
                                  https://pcapp.store/pixel.gif?guid=PcAppStore.exefalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earningsexplorer.exe, 00000012.00000002.2606213046.00000000071FC000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://google.comlast_v=%ws&dl_lnk=%wsempty_instructionsno_internet_connectionendnsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://pcapp.store/?p=lpd_appstore-faqnsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-darkexplorer.exe, 00000012.00000000.2517147132.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2606213046.00000000071FC000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://d74queuslupub.cloudfront.net/Watchdog.exe, 00000011.00000002.2590550312.000001C3B9900000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000011.00000003.2526949581.000001C3B9907000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000011.00000003.2527299894.000001C3B7BAA000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000011.00000002.2588552849.000001C3B7BAB000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://pcapp.store/notify_app_v2.php?guid=&lastid=&lasttime=&nocache=&end_v=%ws%ws%ws%d%ws%d%ws%ws%nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://chrome.google.com/webstore?hl=mrCtrl$1mr.pak.14.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000012.00000000.2517147132.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2606213046.00000000071FC000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://nsis.sf.net/NSIS_ErrorErrortKr6T60C1r.exefalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.google.com/chrome/privacy/eula_text.html&nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, ur.pak.14.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.google.com/chrome/privacy/eula_text.htmlT&rnsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, vi.pak.14.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://chrome.google.com/webstore?hl=hi&category=theme81https://myactivity.google.com/myactivity/?uhi.pak.14.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://d74queuslupub.cloudfront.net/cWatchdog.exe, 00000011.00000002.2588552849.000001C3B7BAB000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://outlook.comexplorer.exe, 00000012.00000000.2539905828.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2624721472.000000000C091000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://pcapp.store/nsrC311.tmp, 0000000E.00000003.2469627951.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2475777969.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2474134771.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000003.2474949812.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000002.2587157310.00000000008F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://pcapp.store/installing.php?guid=&winver=tKr6T60C1r.exe, 00000000.00000002.2150367791.0000000000480000.00000004.00000020.00020000.00000000.sdmp, nsrC311.tmp, 0000000E.00000002.2609274779.0000000000562000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://pcapp.store/account/logintray_exitnsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://pcapp.store/notify_app_v2.php?guid=PcAppStore.exefalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrlnsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.dr, vi.pak.14.dr, hi.pak.14.dr, ur.pak.14.dr, mr.pak.14.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://chrome.google.com/webstore?hl=tr&category=theme81https://myactivity.google.com/myactivity/?unsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://pcapp.store/atKr6T60C1r.exe, 00000000.00000003.2149404278.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000002.2151230417.0000000002DB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://chrome.google.com/webstore?hl=ukCtrl$1nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://pcapp.store/pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&inst_parentnsrC311.tmp, 0000000E.00000002.2609274779.00000000005AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://android.notify.windows.com/iOSexplorer.exe, 00000012.00000002.2612829458.000000000913F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2532438302.000000000913F000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://pcapp.store/installing.php?guid=19882742-CC56-1A59-9779tKr6T60C1r.exe, 00000000.00000003.1382481641.0000000002DB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppexplorer.exe, 00000012.00000002.2612829458.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2532438302.0000000008F4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=fa.1091qFtKr6T60C1r.exe, 00000000.00000003.2107935224.0000000002DB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-theexplorer.exe, 00000012.00000000.2517147132.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2606213046.00000000071FC000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://support.google.com/chrome/a/answer/9122284nsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, tr.pak.14.dr, vi.pak.14.dr, hi.pak.14.dr, ur.pak.14.dr, mr.pak.14.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://pcapp.store/cpg_fa.php?guid=AnnsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000010.00000000.2494943859.0000000001040000.00000002.00000001.01000000.00000015.sdmp, PcAppStore.exe, 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://pcapp.store/ttKr6T60C1r.exe, 00000000.00000003.2107935224.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000003.2149404278.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000002.2151230417.0000000002DB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://pcapp.store/snsrC311.tmp, 0000000E.00000003.2469627951.00000000005C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://pcapp.store/privacy.html?guid=welhttps://pcapp.store/pixel.gif?guid=&version=&evt_src=fa_mintKr6T60C1r.exe, 00000000.00000002.2150367791.0000000000480000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://chrome.google.com/webstore?hl=uk&category=theme81https://myactivity.google.com/myactivity/?unsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.digicert.ctKr6T60C1r.exe, 00000000.00000002.2151172095.0000000002D81000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://chrome.google.com/webstore?hl=zh-CN&category=theme81https://myactivity.google.com/myactivitynsrC311.tmp, 0000000E.00000002.2610471574.000000000283A000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://delivery.pcapp.store/iltKr6T60C1r.exe, 00000000.00000003.2107935224.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000003.2149404278.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, tKr6T60C1r.exe, 00000000.00000002.2151230417.0000000002DB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  Joe Sandbox version: 40.0.0 Tourmaline
                                  Analysis ID: 1498107
                                  Start date and time: 2024-08-23 16:54:57 +02:00
                                  Joe Sandbox product: CloudBasic
                                  Overall analysis duration: 0h 9m 30s
                                  Hypervisor based Inspection enabled: false
                                  Report type: full
                                  Cookbook file name: default.jbs
                                  Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed: 19
                                  Number of new started drivers analysed: 0
                                  Number of existing processes analysed: 0
                                  Number of existing drivers analysed: 0
                                  Number of injected processes analysed: 1
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode: default
                                  Analysis stop reason: Timeout
                                  Sample name: tKr6T60C1r.exe
                                  renamed because original name is a hash value
                                  Original Sample Name: 7183_36267834_f649b1aeeffa6f99f42435e1ad28d7bf7687c545d4c0e2add1b6ac8c871d7133_setup (1).exe
                                  Detection: MAL
                                  Classification: mal45.spyw.evad.winEXE@26/252@31/17
                                  EGA Information:
                                  • Successful, ratio: 100%
                                  HCA Information:
                                  • Successful, ratio: 97%
                                  • Number of executed functions: 138
                                  • Number of non-executed functions: 236
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe, UsoClient.exe
                                  • Excluded IPs from analysis (whitelisted): 93.184.221.240, 216.58.212.174, 64.233.167.84, 172.217.18.3, 34.104.35.123, 142.250.185.195, 142.250.185.138, 142.250.185.232, 142.250.186.136, 217.20.57.43, 142.250.185.99, 216.58.206.46
                                  • Excluded domains from analysis (whitelisted): clients1.google.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, fonts.gstatic.com, settings-win.data.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, time.windows.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, login.live.com, www.googletagmanager.com, update.googleapis.com, clients.l.google.com
                                  • Not all processes were analyzed, report is missing behavior information
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                  • Report size exceeded maximum capacity and may have missing network information.
                                  • Report size getting too big, too many NtEnumerateKey calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                  • VT rate limit hit for: tKr6T60C1r.exe
                                  Time | Type | Description
                                  10:57:56 | API Interceptor | 78x Sleep call for process: Watchdog.exe modified
                                  10:58:00 | API Interceptor | 39x Sleep call for process: explorer.exe modified
                                  16:57:58 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PCAppStore "C:\Users\user\PCAppStore\PCAppStore.exe" /init default
                                  16:58:06 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PcAppStoreUpdater "C:\Users\user\PCAppStore\AutoUpdater.exe" /i
                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  212.102.56.179SecuriteInfo.com.TrojanPSW.Purelog.21832.24487.exeGet hashmaliciousPureLog StealerBrowse
                                  • static.adtidy.net/windows/installer.exe
                                  SecuriteInfo.com.TrojanPSW.Purelog.21832.24487.exeGet hashmaliciousPureLog StealerBrowse
                                  • static.adguard.com/installer.v1.0.json
                                  239.255.255.250file.exeGet hashmaliciousUnknownBrowse
                                    http://premium.davidabostic.comGet hashmaliciousUnknownBrowse
                                      http://ezp-prod1.hul.harvard.edu/login?qurl=https://nearbystorageunitss.com/image#YmhvZmZtYW5AaGlsY29ycC5jb20=Get hashmaliciousHTMLPhisherBrowse
                                        Corp.AcctPayable Payment Update.pdfGet hashmaliciousUnknownBrowse
                                          https://app.supercast.com/ahoy/messages/NuCwMXL7H9TYxRcbnPV2HNBC27R3XTJ7/click?signature=a81c8ff09c7aec0f320b61cbf7dd42e1a041100b&url=https://nursematte.com/asdbhewjcjfnjernfreddbecje/cloudflare-antibot#Kirsten.stevens+sueryder.orgGet hashmaliciousHTMLPhisherBrowse
                                            http://lixowaste.comGet hashmaliciousUnknownBrowse
                                              http://fszatrack.xyzGet hashmaliciousUnknownBrowse
                                                https://gabrielamartinez.hosted.phplist.com/lists/lt.php?tid=ehpRUwdcC1FXB05UUgRXS1BQBQEVWwgBV0wGB1EFBFVTVwdRDg9EUVIABVRRVwRLVAJRVhUNXlkNTAYDDAIZUwJXU1cEXAELDQcGHgAAVAQCCQYCFVsBXQZMUAEEBxldUFdTT1UMWQMMBQYGUwxRUgGet hashmaliciousUnknownBrowse
                                                  FW_ SLS properties Credit application.msgGet hashmaliciousUnknownBrowse
                                                    https://www.carnivalsale.comGet hashmaliciousUnknownBrowse
                                                      207.211.211.27http://www.jumbo.clGet hashmaliciousUnknownBrowse
                                                        159.223.126.41MDE_File_Sample_ba40401128d2ff2734a7e554120b7de438870654.zipGet hashmaliciousUnknownBrowse
                                                          https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj85-Cx0Pz-AhV5FVkFHezeDZcQFnoECCUQAQ&url=https%3A%2F%2Fwww.dltk-teach.com%2Frhymes%2Fmacdonald%2Fmlyrics.htm&usg=AOvVaw0mYQOAG6hFsIBU_fVcAryoGet hashmaliciousUnknownBrowse
                                                            45.32.1.23Setup (1).exeGet hashmaliciousUnknownBrowse
                                                              Setup (1).exeGet hashmaliciousUnknownBrowse
                                                                nso7806.exeGet hashmaliciousUnknownBrowse
                                                                  Setup.exeGet hashmaliciousUnknownBrowse
                                                                    MDE_File_Sample_ba40401128d2ff2734a7e554120b7de438870654.zipGet hashmaliciousUnknownBrowse
                                                                      http://pcapp.storeGet hashmaliciousUnknownBrowse
                                                                        http://pcapp.storeGet hashmaliciousUnknownBrowse
                                                                          Unconfirmed 69219.exeGet hashmaliciousUnknownBrowse
                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            d74queuslupub.cloudfront.netSetup.exeGet hashmaliciousUnknownBrowse
                                                                            • 18.173.205.117
                                                                            Setup (1).exeGet hashmaliciousUnknownBrowse
                                                                            • 18.239.94.126
                                                                            1285660440.rsc.cdn77.orgSetup.exeGet hashmaliciousUnknownBrowse
                                                                            • 138.199.37.37
                                                                            Setup (1).exeGet hashmaliciousUnknownBrowse
                                                                            • 156.146.33.138
                                                                            Setup (1).exeGet hashmaliciousUnknownBrowse
                                                                            • 89.187.173.13
                                                                            MDE_File_Sample_c30dd28cb119f2aa20ddabe8968b8cadbe80bcb2.zipGet hashmaliciousUnknownBrowse
                                                                            • 89.187.173.11
                                                                            Setup.exeGet hashmaliciousUnknownBrowse
                                                                            • 89.187.183.11
                                                                            MDE_File_Sample_ba40401128d2ff2734a7e554120b7de438870654.zipGet hashmaliciousUnknownBrowse
                                                                            • 37.19.206.5
                                                                            1715720427.rsc.cdn77.orghttps://pivotanimator.net/Download.phpGet hashmaliciousUnknownBrowse
                                                                            • 156.146.33.14
                                                                            Setup.exeGet hashmaliciousUnknownBrowse
                                                                            • 138.199.37.37
                                                                            Setup (1).exeGet hashmaliciousUnknownBrowse
                                                                            • 195.181.170.19
                                                                            Setup (1).exeGet hashmaliciousUnknownBrowse
                                                                            • 89.187.173.11
                                                                            Setup (1).exeGet hashmaliciousUnknownBrowse
                                                                            • 37.19.206.5
                                                                            Setup (1).exeGet hashmaliciousUnknownBrowse
                                                                            • 37.19.206.5
                                                                            http://pcapp.storeGet hashmaliciousUnknownBrowse
                                                                            • 195.181.175.15
                                                                            http://pcapp.storeGet hashmaliciousUnknownBrowse
                                                                            • 195.181.170.18
                                                                            pcapp.storehttps://pivotanimator.net/Download.phpGet hashmaliciousUnknownBrowse
                                                                            • 45.32.1.23
Match: C:\Users\user\AppData\Local\Temp\nshAA58.tmp\inetc.dll
Associated Sample Name / URL | Detection | Threat Name
Setup.exe | malicious | Unknown
Setup (1).exe | malicious | Unknown
Setup (1).exe | malicious | Unknown
9c23f857-b0b9-47d6-b664-47a3132066f4.exe | malicious | Unknown
9c23f857-b0b9-47d6-b664-47a3132066f4.exe | malicious | Unknown
Setup (1).exe | malicious | Unknown
MDE_File_Sample_c30dd28cb119f2aa20ddabe8968b8cadbe80bcb2.zip | malicious | Unknown
Setup (1).exe | malicious | Unknown
Setup (1).exe | malicious | Unknown
nso7806.exe | malicious | Unknown

Match: C:\Users\user\AppData\Local\Temp\nshAA58.tmp\System.dll
Associated Sample Name / URL | Detection | Threat Name
#U0423#U0432#U0435#U0434#U043e#U043c#U043b#U0435#U043d#U0438#U0435_#U2116_24357 .exe | malicious | FormBook, GuLoader
#U0423#U0432#U0435#U0434#U043e#U043c#U043b#U0435#U043d#U0438#U0435_#U2116_24357 .exe | malicious | GuLoader
ipscan-3.9.1-setup (1).exe | malicious | Unknown
f9GwN5TLpA.hta | malicious | Cobalt Strike, GuLoader
eDHL.exe | malicious | GuLoader
eDHL.exe | malicious | GuLoader
Pepsico Company Profile.exe | malicious | GuLoader
Pepsico Company Profile.exe | malicious | GuLoader
SecuriteInfo.com.MSExcel.CVE_2017_0199.G1.exploit.3568.4683.xlsx | malicious | GuLoader
SecuriteInfo.com.FileRepMalware.11227.27096.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger

                                                                                                                    Process:C:\Windows\explorer.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):106120
                                                                                                                    Entropy (8bit):4.017175663180842
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:m8k0qbKMtt+dohkhiqG5nlQhFi7KNSem6:Lk0qbKMtt8ohCiUhFRS96
                                                                                                                    MD5:8A72DC98082C40E866062409B7F76960
                                                                                                                    SHA1:15DFE90ACE6DBBC7B1E24A440A1A5BDD9AAAF44C
                                                                                                                    SHA-256:08556A228EC514C140812F771FC77F1EEA5AAC6633B411CE25A82D6D93BA26D4
                                                                                                                    SHA-512:1B37F771A069EFE63C4B958EF467CE36E4F31AE4BD1BA400B0E44E22B774E54646BF6D509C4198410007EBCE37CA0FBFCF06D6A10DDBDC3CA1E0F4FFE9A024E9
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:....h... .......@.......P...........@...Y.......^................... ...W.......e.n.-.C.H.;.e.n.-.G.B....... ......................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....\.1...........user.D............................................f.r.o.n.t.d.e.s.k.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u......................0..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....\.1...........user.D.................................
                                                                                                                    Process:C:\Users\user\PCAppStore\Watchdog.exe
                                                                                                                    File Type:GIF image data, version 89a, 1 x 1
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):42
                                                                                                                    Entropy (8bit):2.9881439641616536
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                    MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                    SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                    SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                    SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                    Malicious:false
                                                                                                                    Reputation:high, very likely benign file
                                                                                                                    Preview:GIF89a.............!.......,...........D.;
                                                                                                                    Process:C:\Users\user\Desktop\tKr6T60C1r.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):12288
                                                                                                                    Entropy (8bit):5.814115788739565
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                                                    MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                    SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                    SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                    SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Joe Sandbox View:
                                                                                                                    • Filename: #U0423#U0432#U0435#U0434#U043e#U043c#U043b#U0435#U043d#U0438#U0435_#U2116_24357 .exe, Detection: malicious
                                                                                                                    • Filename: #U0423#U0432#U0435#U0434#U043e#U043c#U043b#U0435#U043d#U0438#U0435_#U2116_24357 .exe, Detection: malicious
                                                                                                                    • Filename: ipscan-3.9.1-setup (1).exe, Detection: malicious
                                                                                                                    • Filename: f9GwN5TLpA.hta, Detection: malicious
                                                                                                                    • Filename: eDHL.exe, Detection: malicious
                                                                                                                    • Filename: eDHL.exe, Detection: malicious
                                                                                                                    • Filename: Pepsico Company Profile.exe, Detection: malicious
                                                                                                                    • Filename: Pepsico Company Profile.exe, Detection: malicious
                                                                                                                    • Filename: SecuriteInfo.com.MSExcel.CVE_2017_0199.G1.exploit.3568.4683.xlsx, Detection: malicious
                                                                                                                    • Filename: SecuriteInfo.com.FileRepMalware.11227.27096.exe, Detection: malicious
                                                                                                                    Process:C:\Users\user\Desktop\tKr6T60C1r.exe
                                                                                                                    File Type:GIF image data, version 89a, 16 x 16
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):997
                                                                                                                    Entropy (8bit):4.188896534234179
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12:2E5KZbHOjOruFw6MLxENScRVar7FC53tK1Oqd3Aa0n:tAlHOjOX60ENvRVZKbEn
                                                                                                                    MD5:1636218C14C357455B5C872982E2A047
                                                                                                                    SHA1:21FBD1308AF7AD25352667583A8DC340B0847DBC
                                                                                                                    SHA-256:9B8B6285BF65F086E08701EEE04E57F2586E973A49C5A38660C9C6502A807045
                                                                                                                    SHA-512:837FA6BCBE69A3728F5CB4C25C35C1D13E84B11232FC5279A91F21341892AD0E36003D86962C8AB1A056D3BEEB2652C754D51D6EC7EEE0E0EBFE19CD93FB5CB0
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\Desktop\tKr6T60C1r.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):39424
                                                                                                                    Entropy (8bit):4.684597989866362
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:njt65uI9oYzcCaHjl9Cb4I1f0AGhrHXoREnRxtIpH/u0abJ2v2DW9O9tk8ZwkpwD:noHtNQoRSIwTJB6Q/kPyBp6
                                                                                                                    MD5:A35CDC9CF1D17216C0AB8C5282488EAD
                                                                                                                    SHA1:ED8E8091A924343AD8791D85E2733C14839F0D36
                                                                                                                    SHA-256:A793929232AFB78B1C5B2F45D82094098BCF01523159FAD1032147D8D5F9C4DF
                                                                                                                    SHA-512:0F15B00D0BF2AABD194302E599D69962147B4B3EF99E5A5F8D5797A7A56FD75DD9DB0A667CFBA9C758E6F0DAB9CED126A9B43948935FE37FC31D96278A842BDF
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Joe Sandbox View:
                                                                                                                    • Filename: Setup.exe, Detection: malicious
                                                                                                                    • Filename: Setup (1).exe, Detection: malicious
                                                                                                                    • Filename: Setup (1).exe, Detection: malicious
                                                                                                                    • Filename: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Detection: malicious
                                                                                                                    • Filename: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Detection: malicious
                                                                                                                    • Filename: Setup (1).exe, Detection: malicious
                                                                                                                    • Filename: MDE_File_Sample_c30dd28cb119f2aa20ddabe8968b8cadbe80bcb2.zip, Detection: malicious
                                                                                                                    • Filename: Setup (1).exe, Detection: malicious
                                                                                                                    • Filename: Setup (1).exe, Detection: malicious
                                                                                                                    • Filename: nso7806.exe, Detection: malicious
                                                                                                                    Process:C:\Users\user\Desktop\tKr6T60C1r.exe
                                                                                                                    File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):26494
                                                                                                                    Entropy (8bit):1.9568109962493656
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
                                                                                                                    MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                                                                    SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                                                                    SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                                                                    SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\Desktop\tKr6T60C1r.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):9728
                                                                                                                    Entropy (8bit):5.158136237602734
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
                                                                                                                    MD5:6C3F8C94D0727894D706940A8A980543
                                                                                                                    SHA1:0D1BCAD901BE377F38D579AAFC0C41C0EF8DCEFD
                                                                                                                    SHA-256:56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2
                                                                                                                    SHA-512:2094F0E4BB7C806A5FF27F83A1D572A5512D979EEFDA3345BAFF27D2C89E828F68466D08C3CA250DA11B01FC0407A21743037C25E94FBE688566DD7DEAEBD355
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Users\user\Desktop\tKr6T60C1r.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):24064
                                                                                                                    Entropy (8bit):5.819708895488079
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:n7U5CiIZ1ZC2RvhrTfldNuwQ5pk+BISivMyyOgqCoRUj+OvHxOuofnykhVQJrTU:YoZ1ZnhrTfldqk7Yyy94RxOcVQJrT
                                                                                                                    MD5:F4D89D9A2A3E2F164AEA3E93864905C9
                                                                                                                    SHA1:4D4E05EE5E4E77A0631A3DD064C171BA2E227D4A
                                                                                                                    SHA-256:64B3EFDF3DE54E338D4DB96B549A7BDB7237BB88A82A0A63AEF570327A78A6FB
                                                                                                                    SHA-512:DBDA3FE7CA22C23D2D0F2A5D9D415A96112E2965081582C7A42C139A55C5D861A27F0BD919504DE4F82C59CF7D1B97F95ED5A55E87D574635AFDB7EB2D8CADF2
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):69120
                                                                                                                    Entropy (8bit):6.024967061017882
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:GUZ9QC7V7IGMp2ZmtSX5p9IeJXlSM2tS:T97WSth5lwt
                                                                                                                    MD5:85428CF1F140E5023F4C9D179B704702
                                                                                                                    SHA1:1B51213DDBAEDFFFB7E7F098F172F1D4E5C9EFBA
                                                                                                                    SHA-256:8D9A23DD2004B68C0D2E64E6C6AD330D0C648BFFE2B9F619A1E9760EF978207A
                                                                                                                    SHA-512:DFE7F9F3030485CAF30EC631424120030C3985DF778993342A371BF1724FA84AA885B4E466C6F6B356D99CC24E564B9C702C7BCDD33052172E0794C2FDECCE59
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):12288
                                                                                                                    Entropy (8bit):5.814115788739565
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                                                    MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                    SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                    SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                    SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:GIF image data, version 89a, 16 x 16
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):997
                                                                                                                    Entropy (8bit):4.188896534234179
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12:2E5KZbHOjOruFw6MLxENScRVar7FC53tK1Oqd3Aa0n:tAlHOjOX60ENvRVZKbEn
                                                                                                                    MD5:1636218C14C357455B5C872982E2A047
                                                                                                                    SHA1:21FBD1308AF7AD25352667583A8DC340B0847DBC
                                                                                                                    SHA-256:9B8B6285BF65F086E08701EEE04E57F2586E973A49C5A38660C9C6502A807045
                                                                                                                    SHA-512:837FA6BCBE69A3728F5CB4C25C35C1D13E84B11232FC5279A91F21341892AD0E36003D86962C8AB1A056D3BEEB2652C754D51D6EC7EEE0E0EBFE19CD93FB5CB0
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):39424
                                                                                                                    Entropy (8bit):4.684597989866362
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:njt65uI9oYzcCaHjl9Cb4I1f0AGhrHXoREnRxtIpH/u0abJ2v2DW9O9tk8ZwkpwD:noHtNQoRSIwTJB6Q/kPyBp6
                                                                                                                    MD5:A35CDC9CF1D17216C0AB8C5282488EAD
                                                                                                                    SHA1:ED8E8091A924343AD8791D85E2733C14839F0D36
                                                                                                                    SHA-256:A793929232AFB78B1C5B2F45D82094098BCF01523159FAD1032147D8D5F9C4DF
                                                                                                                    SHA-512:0F15B00D0BF2AABD194302E599D69962147B4B3EF99E5A5F8D5797A7A56FD75DD9DB0A667CFBA9C758E6F0DAB9CED126A9B43948935FE37FC31D96278A842BDF
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):24064
                                                                                                                    Entropy (8bit):5.819708895488079
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:n7U5CiIZ1ZC2RvhrTfldNuwQ5pk+BISivMyyOgqCoRUj+OvHxOuofnykhVQJrTU:YoZ1ZnhrTfldqk7Yyy94RxOcVQJrT
                                                                                                                    MD5:F4D89D9A2A3E2F164AEA3E93864905C9
                                                                                                                    SHA1:4D4E05EE5E4E77A0631A3DD064C171BA2E227D4A
                                                                                                                    SHA-256:64B3EFDF3DE54E338D4DB96B549A7BDB7237BB88A82A0A63AEF570327A78A6FB
                                                                                                                    SHA-512:DBDA3FE7CA22C23D2D0F2A5D9D415A96112E2965081582C7A42C139A55C5D861A27F0BD919504DE4F82C59CF7D1B97F95ED5A55E87D574635AFDB7EB2D8CADF2
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):317230385
                                                                                                                    Entropy (8bit):6.93940854569722
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3145728:MEQqgvUBRlhK9QJiDS610scieJq1SXCSnsmdAGG:ME/Ke0Djq7hCSk
                                                                                                                    MD5:50707CD5E1D18F778F39B17763E21CC0
                                                                                                                    SHA1:3D413281BD5B548F3A786E024308B7C49EE10A6A
                                                                                                                    SHA-256:856D30E5CD1B59BD1A6DCA526DECF32BC305AEBE0026EA7DC7579755D21FA12E
                                                                                                                    SHA-512:0F9C8A151444D51E2341361A0078EB1E6F1C3975337420D99A3251A3E3B93A53A1B2286FCDDA1A39EE19A0DB6C30F637678DC23EC4672ADD57D0ADE1061BC24D
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\Desktop\tKr6T60C1r.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):93300544
                                                                                                                    Entropy (8bit):7.999992720763301
                                                                                                                    Encrypted:true
                                                                                                                    SSDEEP:1572864:HvJnROhHwF/TthjMlkV2j6aiP+KLli9OgHgvIylJU6TSABaJGGO7WhGSNdQzFAnf:HhRCHKbtx/c2+KWPAvIm2LdW7WhGSbQl
                                                                                                                    MD5:3091083F66939A0DF8DBA2D77E65FC51
                                                                                                                    SHA1:9C43859F0F0A96EC49776B704DAD7C6AC8A7372E
                                                                                                                    SHA-256:268074A4D186FBED5B5F99632E09C453A38859F68775A7E77E1156C006CF894D
                                                                                                                    SHA-512:8BCB75C79ABD54B263EC175C4B67963980175D113B6AAB883A2157079E17B5A0ED01B825E9E08EDC6E6543339D478F84C181A0D2F23A0A92B34ECA9F7175A3FB
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 11%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:GIF image data, version 89a, 1 x 1
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):42
                                                                                                                    Entropy (8bit):2.9881439641616536
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                    MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                    SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                    SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                    SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Fri Jun 21 12:27:50 2024, mtime=Fri Aug 23 13:57:55 2024, atime=Fri Jun 21 12:27:50 2024, length=2141536, window=hide
                                                                                                                    Category:modified
                                                                                                                    Size (bytes):1877
                                                                                                                    Entropy (8bit):3.5230551177923455
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:8ol1m4PaGtFfbAlRcewtkk6GiO/7AYkUwqygm:8olRPTtZMDceO6Giqkmyg
                                                                                                                    MD5:A9E706D1FD58DD3D1F183AE7ACBDD5BA
                                                                                                                    SHA1:2C320BE6BE0F4371FD96374D4A349F62B567A6D3
                                                                                                                    SHA-256:B19FDD3FBA84159AC3DD6AFF0DAD739D63273F50B6894A5F36710B58AEDB5FB6
                                                                                                                    SHA-512:319EB80341AED7241172D93E075B16B3A4444DB609BEEFC4B83C24E8A331FEF601B65A7109BC0556E1D556A73920B649694152DBB9FE6CB4BE49512E4D4AE964
                                                                                                                    Malicious:false
                                                                                                                    Preview:L..................F.@.. ...............l...........`. .....................0.:..DG..Yr?.D..U..k0.&...&......Qg.*_...g.}.l...1^..l.......t...CFSF..1......Y;w..PCAPPS~1....t.Y^...H.g.3..(.....gVA.G..k...F.......Y,w.Y;w............................l.P.C.A.p.p.S.t.o.r.e...D.j.2.`. ..Xyk .PCAPPS~1.EXE..N.......Xyk.Y<w....qS........................P.c.A.p.p.S.t.o.r.e...e.x.e.......[...............-.......Z...........~5x......C:\Users\user\PCAppStore\PcAppStore.exe..+.....\.....\.....\.....\.....\.....\.P.C.A.p.p.S.t.o.r.e.\.P.c.A.p.p.S.t.o.r.e...e.x.e...C.:.\.U.s.e.r.s.\.f.r.o.n.t.d.e.s.k.\.P.C.A.p.p.S.t.o.r.e.../.i.n.i.t. .d.e.f.a.u.l.t. .s.h.o.w.M.,.C.:.\.U.s.e.r.s.\.f.r.o.n.t.d.e.s.k.\.P.C.A.p.p.S.t.o.r.e.\.p.c.a.p.p.s.t.o.r.e...i.c.o.........%USERPROFILE%\PCAppStore\pcappstore.ico..........................................................................................................................................................................................................
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):437592
                                                                                                                    Entropy (8bit):6.493521915432252
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:oWK27OlKihE0VmJhHURhx0/HHu36jzbY85KYIJrC:acihE0VChHURhx0/HHPj/U2
                                                                                                                    MD5:E584051FD8FC3EA480EFAE9A6A246A54
                                                                                                                    SHA1:1EAFDB5095CEE780C47FC710C40EADCC16FE150B
                                                                                                                    SHA-256:B679FBB3CAD4A5738DA27761DA438B2D1A7DD179E40B5A8C15FE87C2EEFB3553
                                                                                                                    SHA-512:B62D821B56F3430A09BD97BE565EC089BBF2A6D622F35BC2706F4A721C35EA4B35CBBFCB8C06DF04D7BDCC997E1C84A8A32920D9CC99C8545E73A314BD54C024
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2141536
                                                                                                                    Entropy (8bit):6.390678710721619
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:49152:RDzJpHmQKjDCvmNe/lfWADk2SXpgZu3EHqXeF9iH0OmgQXVtnjCJl0a9C5JYGJSG:DtmQKfCvmNe/dDDh73oeXQ0JlsC5JY
                                                                                                                    MD5:92CC70D7D67DB4A1DFC22857920C9364
                                                                                                                    SHA1:EA5EE53DA20A09CACDC054B2FD462F10C901CB2D
                                                                                                                    SHA-256:71226B69696E60A14E516C80E0852E636E9C2AC1F4498EEB8D38D4A93DC57391
                                                                                                                    SHA-512:390F252A618539E0412177F9B43BA7E46E68909620E9ABE3CBB57DB2EF5E8A207B28C79E6D98BDE7F6DDB520C8D57B62F5D34B7A06AF3D6E1AE75D30BA7C29E7
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 46%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):146
                                                                                                                    Entropy (8bit):4.577360416859904
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:TKPyFfliFRNAl2sIaRjyM1KOTxLELMZ4MKLJF8EelYq8AsXJVVWM4v:TyyFflmSssI+j1NLELM6MKn8EquZVVCv
                                                                                                                    MD5:2845450EA9D938CFEA9809CA0C827F12
                                                                                                                    SHA1:8DE2189530DA5923365436C37E4C55C500AC3FBF
                                                                                                                    SHA-256:7FDADB3CA5B81C6D1C58A20610921BF89D63DC65B77BE982F422C6FD2A13F166
                                                                                                                    SHA-512:7D19FE6E9DD51BB880FD6FBB7EE126C8078771EE5166D53F312B04D117CE2897CBB6DFB5E5627314C3CF8B56F7A2BBF5B9D38258E7912B0AC5D420B611B7C363
                                                                                                                    Malicious:false
                                                                                                                    Preview:Fhis folder contains the PC App Store for Microsoft Windows.....For additional information, please visit https://pcapp.store/?p=lpd_appstore-faq..
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1770
                                                                                                                    Entropy (8bit):5.207243573452192
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:YZ1Hd7yDF9hh93ZMqr8ZPfOqfTpHMmg8idVFzPTwBzwLhfQe:oNduZpMtZPPbhMmmdVpwBz+hz
                                                                                                                    MD5:56B0AC9F914C55AD1AF7E8B08E67BA1F
                                                                                                                    SHA1:0E1081DE365107C760934346B11A7C3ACA2CD7AA
                                                                                                                    SHA-256:C1EA951ED9BA59D124C930CF4DC1D4B49CDCDAA01E1310C4C5AE8D6D3F91A229
                                                                                                                    SHA-512:9C2F1D0707D0195A270B4DA29A2CB6E91F076FC94F30F65311CAEEC35C1B875BDBCE449012CE2769DFB0F69F596BA79E90965B01F8598ED01447D805FEAE89D9
                                                                                                                    Malicious:false
                                                                                                                    Preview:{"system_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003105718%2E000000%2B120","os_processes":"103","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"CTX1TBK","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"CGP99SO_+SCSI+Disk+Device","disk_size":"412300001200","sec_as":"","sec_av":"Windows+Defender","sec_fw":"","bios_releasedate":"20221121000000%2E000000%2B000"},"pcapps":{"0":"7-Zip+23%2E01+%28x64%29","1":"Mozilla+Firefox+%28x64+en-US%29","2":"Mozilla+Maintenance+Service","3":"Microsoft+Office+Professional+Plus+2019+-+en-us","4":"Microsoft+Visual+C%2B%2B+2022+X64+Additional+Runtime+-+14%2E36%2E32532","5":"Office+16+Click-to-Run+Licensing+Component","6":"Office+16+Click-to-Run+Extensibility+Component+64-bit+Registration","7":"Ad
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):73
                                                                                                                    Entropy (8bit):4.089026662492467
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:YGVE8fptxgDQLRv6zjQJNRvUXZ5:YGFRt9IoNaZ5
                                                                                                                    MD5:3024A54E0C352ABE5EB5F753CA4828DA
                                                                                                                    SHA1:DF0206851654405C8E5C2D3BC96FB536B8C2DCBF
                                                                                                                    SHA-256:3CD0A703506C7394D6115D9FF721516560894358AEF07459F30D8930DF6C3B61
                                                                                                                    SHA-512:D9D44051DF56B29AA596EE38463B781DBE27F917F7DAE1B2420122616DA108520429DDA58C75C7E6B2D41093F83C5A4BAE96024885AF3956F23A3CE5BD3F9358
                                                                                                                    Malicious:false
                                                                                                                    Preview:{"cpg":"default","inst_excl":null,"inst_addon":null,"inst_advanced":null}
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):93816
                                                                                                                    Entropy (8bit):6.889543501272891
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:mmsAYBdTU9fEAIS2PEtu3rUKpu4h7nR4sO83o0V+73APnQx:1fY/TU9fE9PEtu7UKpu694b83o0EUPn
                                                                                                                    MD5:1D87B00FAC4FEF95D766E5B9531A7DF3
                                                                                                                    SHA1:E0FA96AA09C7B261C5CA8AA53F5B07628497E498
                                                                                                                    SHA-256:F58DE1CB3443F1D9668607A9A68E31734A9AB426764B65F3BF25CA5EF67495C8
                                                                                                                    SHA-512:0F17F7DA88ABD491377A44BA3E31BBB02EA8E83D2745DF6233FBAE9BC1EA1046D6570CD98F579702AD7E33C4E6502AAD1A757F724B9C53A94B2962A9FD9E4779
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 13%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):276320
                                                                                                                    Entropy (8bit):6.1430306959406735
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:y+BPcnjPR/usTaxqT266DZZG4c72LUnAR9i0oraOpAASo6mHYR4wyT3Ho6y7U:HEi02VD7G4cKoARs74gT31
                                                                                                                    MD5:7B432B3DA82D7E40916D1D2EB6F9F48D
                                                                                                                    SHA1:E399E64D069169E9C61068D111B7CF5F57BAE513
                                                                                                                    SHA-256:828AD0151134C8A6E80B3D1716BF8A35CD902B3EECF7E3009987693FFD696AE4
                                                                                                                    SHA-512:EAE6B619014979F7B529BFBC923D1F1047EFDF8C15BBB306FB4E02A9AAE05DBD99036602F7606B53812AF7DA369E55AD84D08B25DA8A083F3BF3121016762716
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2312704
                                                                                                                    Entropy (8bit):6.449649685576397
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:49152:gg6wrmvfu6ZPfRFq8BcvDEzT3CuaMUgKS:H8Zn3Ci
                                                                                                                    MD5:E472E46BDFD736351D4B086B4C4CA134
                                                                                                                    SHA1:1AA886F0CB23B3D322A43BE797D411FCA84D82A7
                                                                                                                    SHA-256:E825A252B5C5C9C2DE8A6A6ADE12A7F9CD0040F6A20E6EE44BA659034E6D5223
                                                                                                                    SHA-512:173F5A7ABDFEA01C9C21EC716CBA14EEC4539DA45E5734B3FD1E0688E1C22E4718BD701C25C8040D20CF48867E2A67EF2ABA46380BAB9AB1F7A42BD66FD33AFB
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):9560433
                                                                                                                    Entropy (8bit):4.8475056659478915
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24576:/28lTEaiPJK0PJgVEv+F26vbV2f2EvYvAKMc/+uBPJ1PJLPJ1PJOPJDKspVosXxY:/2ETWgqSq+sIp2+qO1McdLRPiY2zXO
                                                                                                                    MD5:7A32B7C762C76BD3EE38E3E998705899
                                                                                                                    SHA1:E1C611A57115374A48CD84619BD06E43021B7352
                                                                                                                    SHA-256:726276A62DB14DD751F32B77200E90A8000712BD256ED038BEA928C6AEF0C892
                                                                                                                    SHA-512:9FE66FE4479915B0EFE12ADFB386BA251B2C2AF8CCD92B4D67F61C9D2AE537C6D3512E4379AFF10EAB3CD433FC1EDEC702E63DDFE4F83769A746FF249288D4DA
                                                                                                                    Malicious:false
                                                                                                                    Preview: Generated by licenses.py; do not edit. --><!doctype html>..<html>..<head>..<meta charset="utf-8">..<meta name="viewport" content="width=device-width">..<meta name="color-scheme" content="light dark">..<title>Credits</title>..<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">..<link rel="stylesheet" href="chrome://credits/credits.css">..</head>..<body>..<span class="page-title">Credits</span>..<a id="print-link" href="#" hidden>Print</a>..<label class="show show-all" tabindex="0">..<input type="checkbox" hidden>..</label>..<div class="open-sourced">.. Chromium software is made available as source code.. <a href="https://source.chromium.org/chromium">here</a>...</div>....<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->..<div class="product">..<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>..<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">h
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4916712
                                                                                                                    Entropy (8bit):6.398049523846958
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
                                                                                                                    MD5:2191E768CC2E19009DAD20DC999135A3
                                                                                                                    SHA1:F49A46BA0E954E657AAED1C9019A53D194272B6A
                                                                                                                    SHA-256:7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
                                                                                                                    SHA-512:5ADCB00162F284C16EC78016D301FC11559DD0A781FFBEFF822DB22EFBED168B11D7E5586EA82388E9503B0C7D3740CF2A08E243877F5319202491C8A641C970
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2028032
                                                                                                                    Entropy (8bit):6.64708834859118
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24576:x+QrVq8lxXjKAri3/8XLpvdZ4RAfdDY0K1w/cjWsdSJNTtMfxTCC:pdlNBfXt16RsFY0K3jWsdQVtM0C
                                                                                                                    MD5:5FFF6F0423A38BFAF174CB670650F4F9
                                                                                                                    SHA1:13ECD1C4784A5A178A998E9FC0DC08F556121712
                                                                                                                    SHA-256:D4E6FC4E1BC6CB5B3EF7010E61D3A65E97804FB20346CEE657688339075B2727
                                                                                                                    SHA-512:E6FF0EA9F6196470F6E094D0AB655FB527C28FC2B2A5D126A10C1F4185C0DFF5ED4F19E7ED717D67DF324562B7AA56ED87AA0BD396A6BA722D3141B9F30FC41B
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):10717392
                                                                                                                    Entropy (8bit):6.282534560973548
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:196608:hpgPBhORiuQwCliXUxbblHa93Whli6Z86WOH:n8wkDliXUxbblHa93Whli6Z8I
                                                                                                                    MD5:E0F1AD85C0933ECCE2E003A2C59AE726
                                                                                                                    SHA1:A8539FC5A233558EDFA264A34F7AF6187C3F0D4F
                                                                                                                    SHA-256:F5170AA2B388D23BEBF98784DD488A9BCB741470384A6A9A8D7A2638D768DEFB
                                                                                                                    SHA-512:714ED5AE44DFA4812081B8DE42401197C235A4FA05206597F4C7B4170DD37E8360CC75D176399B735C9AEC200F5B7D5C81C07B9AB58CBCA8DC08861C6814FB28
                                                                                                                    Malicious:false
                                                                                                                    Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html ......E.......E.......E..P/...E.../...E..P7...E...7...E...h...F...h.. F..Pi..0F......DF.....WF.....jF..P...}F.......F..`....F.......F.. ....F.......F..0....F.......G......G......(G.....;G..@...NG......aG.....tG.......G.......G..@....G.......G.......G.......G..P....G.......H.......H..P...2H......EH..`...UH......hH......yH..P....H.......H.......H..`....H.......H.......H..P....I.......I......-I..@...=I......PI......aI..@...uI.......I...0...I.. 1...I..p1...I...e...I...e...I...i...I..`i...J...i..)J...K..BJ..p...^J..."'.uJ..P.'..J....'..J...5'..J..06'..J...>'..J..P?'..K...D'..K...F'.0K...H'.IK...V'.hK....(..K....(..K..P.)..K....)..K..pW*..K..P.*..L...*+.?L..p.+.bL....+..L...U,..L....,..L....,..L....,..L..@.,..M....,.-M..P.-.IM.. e-.`M...e-.~M...R/..M.../..M..0.0..M..@.0..M..P.0..M....0..N....0.!N...,0.9N...,0.NN..0-0.fN...-0.vN...Y0..N...Z0..N..
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):454144
                                                                                                                    Entropy (8bit):6.3485070297294985
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:yLSe7mxAked1dLX9ValhL1IA9SbD/9PAE:yExAkedHLX9VC9OKE
                                                                                                                    MD5:7255FCCD39F330CA2123F380B4967E0A
                                                                                                                    SHA1:C8E0E1A3E129DF7AB8922F039FFDBBA20DFBA8E2
                                                                                                                    SHA-256:22C2E5452FB01513C331B9E88313830C96EB3E554FAB942AFCBD6FB8702DF730
                                                                                                                    SHA-512:ECD66B0A43AEFD2C4721CD574D2394A2A9069B5258E310A0FC16C3919FD2505BFE91DB2FF8E4B5C7EF0187C86B167004659D15943F5BE6DF42BBFC297FB42119
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...P0Wd.........." .................7....................................................`A........................................`...h.......(.......x........A..............(...L...8...................0...(....)..8............... ............................text...2........................... ..`.rdata...}.......~..................@..@.data....O...`... ...H..............@....pdata...A.......B...h..............@..@.gxfg...`%.......&..................@..@.retplne.....0...........................tls....!....@......................@....voltbl.8....P.........................._RDATA.......`......................@..@malloc_h0....p...................... ..`.rsrc...x...........................@..@.reloc..(...........................@..B........................................................................................................................................
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):8058880
                                                                                                                    Entropy (8bit):6.448026576223661
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:98304:XUoMnbHa6h5CmPt75W2+G15kI6a7Xm3rC:gDTCe4rt/aTCr
                                                                                                                    MD5:6CD8726BEEFCFA69B48EAB1362A5CAD5
                                                                                                                    SHA1:F4249179B86C0A870C55E6C5A263180C77017E81
                                                                                                                    SHA-256:2636DA528EDCAEC9834255A92411BD5DA921D793825D74CEB997E336A0DBD393
                                                                                                                    SHA-512:0F6600315B0E1B5371BB39290E5417EBAA0F3C7FB47EEF32D73AFCE299722A426DD244FD3775D88FCEB6F170F16B23B099244EE825F7F8185D58F1BF28583515
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...P0Wd.........." ......^...........Z.......................................{...........`A.........................................2r.......s.d.....z.......x.HX............{.|...$.q.8.....................q.(.....p.8.............s.....@1r.@....................text.....^.......^................. ..`.rdata..d....0^.......^.............@..@.data.........s.......s.............@....pdata..HX....x..Z...pw.............@..@.gxfg....,...pz.......y.............@..@.retplne......z.......y..................tls....Q.....z.......y.............@....voltbl.D.....z.......y................._RDATA........z.......y.............@..@malloc_h0.....z.......z............. ..`.rsrc.........z.......z.............@..@.reloc..|.....{.......z.............@..B........................................................................................................................................
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):502905
                                                                                                                    Entropy (8bit):5.409605383978337
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:Mqyim2uho5EnirXKhaG1B2+H2JynyaH4IFzZo0vgElgA2W0PSq+2ss30fzO75g6p:U2uhounkXyd1B2+H2JynyaH4IFzZo0ve
                                                                                                                    MD5:8032CB8A1B40AC85ACBEAFD6514BE668
                                                                                                                    SHA1:EE15C360BD913FFEC94E9E36224548CA83B2564C
                                                                                                                    SHA-256:1762EB36E254C02A50ED089ED737235FD7A64C0D234581612ACA56F6398CAC97
                                                                                                                    SHA-512:956241DA1EE60C648417C6BF3921554F1F19AB17163DBDA764AE0DC21E1729C9357BFB900B1F948D2C649F9D53DA7CEFF3128B8CFAB34FD03053A8C37C663F5D
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:CSV text
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1051021
                                                                                                                    Entropy (8bit):5.4211132061857965
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                    MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                    SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                    SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                    SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                    Malicious:false
                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):813426
                                                                                                                    Entropy (8bit):4.915984741122479
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:dTZog2ule8/xHT9KG3Sj+KRRz0l85X9icV03OzP+Xx30jH8+j:/ogg8/xpKGCj+KRRz085X9icV03OzP+W
                                                                                                                    MD5:7B88BD642C86EC4D4FB9A5614D1DA63F
                                                                                                                    SHA1:92CF23267B78039E2413F7F7F90E6636614A0C5C
                                                                                                                    SHA-256:0C1DE970426BA291B10CD08FF0E6B078ADF4C1D07B24E0D89D9322FD2EC2E296
                                                                                                                    SHA-512:17E2381491A8844D1AD6910C3876C817ADE5CF2DAD8461771BAE9E967F7F64954917E20F8258CE6548AF1C21F8CF7E9477C7BCDCE6DD216140BF4D32410A31D9
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):822020
                                                                                                                    Entropy (8bit):4.925237393732045
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:vFB3t9DiYK8a4HHFLrgOIPcd1CyWpQ5fuiDbmpQ:vn3t5SzU5fu+
                                                                                                                    MD5:621B390B8AF0C70D682715323A92B61F
                                                                                                                    SHA1:C34B2F2C91CD0786FEBBD26223D1CB096A87C1F4
                                                                                                                    SHA-256:729B677BE93020DDEF1297869CA7378D3A102927294C634A1087D63F48FB8A79
                                                                                                                    SHA-512:E55691ED5FBCEF7AA8330CABDA72E9D803E12784B661A42FFE3FF725FE663AEF62EED407FDC2269135437AB7AE047A6F0CCEAA90F2349073E554DD45C5F9D0BC
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):897122
                                                                                                                    Entropy (8bit):4.928723053414015
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:CIPFaBsPG/d/RXZwRq4fvPU7XUUk/K58N0j+JzIQ4pF:CIvAAC5h+c
                                                                                                                    MD5:3C8E3C5B1D029E9A01943DDBA053C37F
                                                                                                                    SHA1:785EE0C46B11A19C80770F2B310057E59D90C2E1
                                                                                                                    SHA-256:98CD654847FF28C0EE580A7374276EE5BD2A38DDE8F45ADFBACBD7917E4C026D
                                                                                                                    SHA-512:DCA2FC0BE678BEBF047DBAA5A71C01AD57F9B463E3F80DBFABC0937BCFDCEEFC8AE84FD415C40D0B6B713FFF24CEBFB84373ECDDE3741F78265E082C5B9951D0
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):927865
                                                                                                                    Entropy (8bit):4.686646990438899
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24576:4Tax7YKC3cquMMLYzzQkECPUwVbtbHp373ZL+3aAKHkVDYyKzumpod2nm5g0XuGq:W8C3cquMMLYUKUwVbtbHp373Zq3arkV8
                                                                                                                    MD5:27C55B97D549BCF13145EC75F0A503CA
                                                                                                                    SHA1:4D7BEC85366FBB602EB6FC02297FB402BD40B6BF
                                                                                                                    SHA-256:F2EB47878B5D34589A2AFC2E74AB346003BF4D2C450230B9CFD084935BB54A4D
                                                                                                                    SHA-512:CA3ABB2403B8A67A53F2156E11C361B137F45378737E39D45D5F77148FF3CD031E37DB9EA144B76749667CBA20698C2049E86CA5927475B1E22112751B9BDF3F
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1193463
                                                                                                                    Entropy (8bit):4.299730648702171
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:o3d2APzZl1uPXdf826YBWviytaGHFGuzhr0Ylf14/QISydDbrK8VBbFKQg51lNDS:o3d3Fl18fPAtt1MFSydHrK8VBbG5llA
                                                                                                                    MD5:7351AE61AE5884088AE68CE5BE0043D8
                                                                                                                    SHA1:DBEEA5DA228F63A405548F0E6F82FBBB3D624058
                                                                                                                    SHA-256:D367339A1AC5CE27E58AA03D33E567C06C02F4AC87DB26ACA5D8A3D915AAA01A
                                                                                                                    SHA-512:85D5D0372C162DE8660B4A8A4EC493585C6C3D29F999F1734C319532DB572A13C91C87320BE139F9FFA957ADD52CDC36584226FAF5AFC39F8A82A2E9C146156B
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):573774
                                                                                                                    Entropy (8bit):5.391859865204477
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:gQQL7QREpAp973K5PqF4N3Mw2juwHzejm0t3lvqbETX9/RSHhIsjcmlLEYuCJkdz:hb9zaBRnvWDMN8UpOO5k/mVb
                                                                                                                    MD5:F6E50323E0C5A657EBDC2FE7285C15F6
                                                                                                                    SHA1:944356D207A7962A81801BB76B0E2C5226FF7F1E
                                                                                                                    SHA-256:DE474CF24B68B6D862C96B8057EDE3F53C6F63C46532E4988E9D1979B1CF59DA
                                                                                                                    SHA-512:8BC4EA1E2EB03E0423A7C3008BF6001B904928B5B7D7E84D61469C8D8CDBD34E9A4FFFA900B7CBF4216FBA3A469D7A26AF9C22E618902C28044F426693B09EC7
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):583431
                                                                                                                    Entropy (8bit):5.838398613999325
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:eV2UufpvPlAhTbe65aU8rwsiNOA3SzmPN:eV2UufpvNAhHh5aU8rvYOrzmPN
                                                                                                                    MD5:7F1AD2897B210C4C25CFBDF0736F6809
                                                                                                                    SHA1:62E0335A63BC9E2AE8A9826E08256B00E433D9F5
                                                                                                                    SHA-256:E0826C8E2FE737307D09D808BC693A397E0F1E093AC249B24CEB48327685A4A4
                                                                                                                    SHA-512:C656B1FF7FCD93B3AEF5FC9E91373D0588520546EAF6CB5E2F965FD66ED0D60E2C04FB22155723D6EFDFDB377EF98CD6420F9944C5B0FC4AE8DE14C830A05B15
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):530651
                                                                                                                    Entropy (8bit):5.44607278354406
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:QnPhyMLsqSAzVWgss5sbse814eBjtwlRDdJwL2obEXZaFRQ5gk2rp/b3d4nTGqF5:WDgxsJjiT55g/r2Tpj
                                                                                                                    MD5:9D6A98D53208092F687AD7BB3DBAED7D
                                                                                                                    SHA1:161D0689CA85147B356167F98EAD84783E331986
                                                                                                                    SHA-256:04BF402123BFA1C7E256A62A666C0488A42ACEB585C1A9A744341EBC6FDD9A7C
                                                                                                                    SHA-512:B85832A3DBF5C97870683A655E2CB0F00C04DA4907644561894BB34DE9756334E60CAF75F0CB42E43692BF00C5EF3CFBE6D2E8F7802FFED8E6948757D2DE3E5A
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):571551
                                                                                                                    Entropy (8bit):5.489447532911186
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:if1WFbCgp1nHaxa03K7UpKD93g/ahmOC2GzV6wAXaOV5jbt5sRqJoUaM5QIBCAL:wQAgnp03K7Up4g/a01JE3t5yUfvBCAL
                                                                                                                    MD5:851D55585CBC90143DD4C70EB4900574
                                                                                                                    SHA1:DA5DBD04CFEFE63D1DB69D7C6E19DAC34F379C39
                                                                                                                    SHA-256:DDBAFE037C6E7509650373D084BC0F198D3ABB7BFD93FAEDD5595F1B354EDC32
                                                                                                                    SHA-512:B1718430F3540F2455E93A1F6C47E92D7FEA99A9943E8C585EBD4DD807B5A4C1172BBDC83D434EE806C5FC3875B60D7EBDEB933D1CDE6DB50DCED9C0DAAFCD04
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:CSV text
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1051021
                                                                                                                    Entropy (8bit):5.4211132061857965
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                    MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                    SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                    SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                    SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                    Malicious:false
                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1016551
                                                                                                                    Entropy (8bit):4.766567786580532
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24576:WStxYcxPdGgxh1hxFFiL9+YJXDsSaSmqHuuD2Np6P4j/MAVH8yeVd85tRDQr3egJ:TtxYcxPdGgxh1hxFFiL9+YJXDsSaSmqv
                                                                                                                    MD5:F497F06BC0430F2FA1E2BFFC32E2B9C5
                                                                                                                    SHA1:38141C3F85FD4A8FCF2A82B0DEB68BD93F062F60
                                                                                                                    SHA-256:B3CB15115252BBF1363B7231ED32309C9E2E5B6EEEC1B2BBC2700A49A26E56D0
                                                                                                                    SHA-512:C455DE6466A9FA535C685163A6B4540DC00EB51CC5565ADDFB0E124E3A29CD4AFEC7AB9DF7848C9D3A6C7F435E1CC761F74D8F162D8BC7378D086E96EFA2E705
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):459985
                                                                                                                    Entropy (8bit):5.5152848417450615
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:HAeAGZgSZ+XKFELrqmjLCd3MP9ej7HXfaYISMv5n5CSEBcWRnFc:HjfZgseoEL5C3Ma7H6N5CSgc
                                                                                                                    MD5:F8EEEBF6B363D8578D769AA05FED5BA7
                                                                                                                    SHA1:12E8B6FE48CA49936769B766A9A13510D9569A20
                                                                                                                    SHA-256:1F7D3BEACD2A55F3BF2D3571BEF1D05FA333FADD9E6CA141C2525B0678824CDD
                                                                                                                    SHA-512:3AAE1B6881E50E88635336218D7C13ACF81687AD78FB902900746EB875D9DD29DBF83A1D51344DF617DD86E31BAAD04564460ECC48886308E742830412E8C71D
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):464664
                                                                                                                    Entropy (8bit):5.505055040425703
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:V0BSJCCPeiISZuw3jcMP9eD3D9faYLbcNx5FSZngP/eXywB:8SJDPeDIjcMY3DzA5FSHywB
                                                                                                                    MD5:4B6300C27E7575C32888C1F3364D5346
                                                                                                                    SHA1:C5F5E1D3524ACC96FB4E18C08B02F54ABF83C3D4
                                                                                                                    SHA-256:0945C89B16D4FEBA346E85E14792B772DCC6278F7DCA7FB099A6100C93E79740
                                                                                                                    SHA-512:3F21B6F4A3E18755B355CE5F20384D549B3F723104A67C67AE521D2C4544AA3095FADA8855A0CC1A10E7C5BF3E8F55D061AB2DCEC210F76101A61D9484D4EE6F
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1031027
                                                                                                                    Entropy (8bit):5.210875521790238
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24576:HmdiMRfFgJWHLboEFFRyYHiLNQTCvXTOnXv1x7S6a8wGi4ADjn1VtuYtP01+Z5zp:H/sm5z9v
                                                                                                                    MD5:D5A14353A7FCC1F199F9234BD4551FF9
                                                                                                                    SHA1:7476E2846B6C0D03338A074D7FE325BB468992FE
                                                                                                                    SHA-256:E5CFEBD81831A65CA268866A8EEADB334F64FA3B0853BD550E5BB69724408FBC
                                                                                                                    SHA-512:BCE4FB535509834EA32ACBA72FC22B76CE591F9B6C1C15207B023460F59E9BC6F65118F816A82D235E7F20E26BF822EA102C95B5DA71FCFF099D56215945BD27
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):560321
                                                                                                                    Entropy (8bit):5.366866302767652
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:jjxzJ7FnfONzx0T8puYnKwoR5g6qLFYUudBm+u:nP8/pQj5g64F4Tu
                                                                                                                    MD5:AAB525A7681AE93791B283205064E2B4
                                                                                                                    SHA1:A021DBDCD3F269B77D7133F47B63906FFF794F76
                                                                                                                    SHA-256:5EF4BB4558102F2E39669208BECE79FD5B474E0A87C8A1EED5BCD6B13DA6C6FA
                                                                                                                    SHA-512:841CD903FCF716692FF1873EDAC4FEB5F8B907AFEC1D0DEBFABB39255A74B9B2096FAE3E562E95893DAC731EF46D07B12B6A441975042981CC88638B7673B435
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):559178
                                                                                                                    Entropy (8bit):5.34611084339133
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:tMTZMKZuHswv12Jp/bNg86ip3+UxojFtnj45vzr700Iu96PZrk8jb:AZMKUGVVLpzojTnj45brY0sb
                                                                                                                    MD5:078BD56804D26C26E9AA4F41BF6549F6
                                                                                                                    SHA1:B1B575D34769F35CF28158BCB40C92264DECC551
                                                                                                                    SHA-256:99389110A1497D3999E8CB5799A629A471D221E07C2818CEFEEDB1C95BF5A9F3
                                                                                                                    SHA-512:4108B3BDED940A7D3939EE68DD489A4453391BAE548285867B81A50217C248280111853A1EB6838B6C079A01A74D11CEE61E7F441CBC6D7BA91F1DFAE3EE602F
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):509452
                                                                                                                    Entropy (8bit):5.455817407928288
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:Z0izVKnUJ1HNRSUSx+DuM/Fb0WmFosQ4Eqsoh7Pwiw4dQH5ejnrlvCKMvaKWcEzn:vVKi7S65JmFosZtQH5ejJsW
                                                                                                                    MD5:45E28E64378FABED845EB242A8F1563D
                                                                                                                    SHA1:8FAA0651CA0D29596CA294DC448CB870D553C0FF
                                                                                                                    SHA-256:68386C75B1E414B5F94E1AA5EB9A98A42B6298177FABB834A8B9E96E1EF70A2D
                                                                                                                    SHA-512:3165EC45C2958C382832E4528D38966C28CA90C84777FD48D762FBD75F31FD52BD1B2C069BA4644504913219FAD5DDC08980F69DC67B9AB03D392AFC1321C339
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):825360
                                                                                                                    Entropy (8bit):5.0557125829631335
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24576:FqvG8u313uyqoT+s1qLpRmX1loT4RmdAQifaQ2XxFMJGk620dri1HMX9O9xdpxHk:Evpu55M
                                                                                                                    MD5:A13029CB1D5873121E6BDD0929A6C772
                                                                                                                    SHA1:7B88AE77DF959B8C01F5F00F2B0DFC30ED0A85EA
                                                                                                                    SHA-256:2527D1821D08E43D2F1259A1F910AF986632B8AEF9257D2FC37BC285AF7EE217
                                                                                                                    SHA-512:AF272D021316A71CF2A98126AF9CA993122B3B7B766C6D34003BCDC2FC5936BC4FAE95293B1D74FE35A0C81150D45E95ADABC4B34118974D214049FCDBEE74CA
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):517467
                                                                                                                    Entropy (8bit):5.424845538875905
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:RKUtqd19KJOKu4ar5HZ7kfCHEpyWaZ7WYM:Ntq8S5HFHAl
                                                                                                                    MD5:E7B72F44D711DECE8E3043173A553AC4
                                                                                                                    SHA1:892424E4E011AAC47B068F9FD929B5E41BCCA525
                                                                                                                    SHA-256:5F1A9DF87400AF56F748026F3BAAA41756A4C42FCE4791AABFE2087441689340
                                                                                                                    SHA-512:A2907B8E12CCDD0FC5601C37F23CCD5556B4EAE18CB1833481D01B39B30EC643167B0C8295EC9EE8CE851B0C7968E83F9C47C6E1D4543A371A62485D1832835A
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):584976
                                                                                                                    Entropy (8bit):5.195604084490558
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:4ln56kcajNxYUC36tIQy7DQEuq2V8L0dnGNLmG5eXmi1YARFtK:KnAkcmqnxEG5omt
                                                                                                                    MD5:F7F3CC17509AF03E639E983A091C2026
                                                                                                                    SHA1:D36E61E50B5FA99BE2A3C3727AFEB142969C8308
                                                                                                                    SHA-256:5D586C9BFA38452CDFB50BF5D2E9B98E68A8E7CC73E4D641D8FD6BB3E7EC5712
                                                                                                                    SHA-512:5A2C037D0AFDC82A4ECA642F43CC10E0040B7F97BE9DA14A8F806970C1E07BEC9CD69AD816A91A41946F35FF7A760ACC65DF21F6CD9D365ACBBA345FF0C1FF70
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):606342
                                                                                                                    Entropy (8bit):5.380118288987104
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:n2sEZLqUMDpDgEL6QuaMVWXKz05qlZQmZyMYnYtkL09ujzxRe5hxkJSW7v40wCJ/:zj2VIN5JL
                                                                                                                    MD5:326917C8F37FE85E58AD3DE991D17A78
                                                                                                                    SHA1:683ED0FB95F33DC2B095E774AD3DE84B0E4A63E3
                                                                                                                    SHA-256:CFA45E5F86F70AE4D47D82BCEC6C245E618212E67CE8B7BF0A1BE0BE41C6E6E8
                                                                                                                    SHA-512:3FDF2B1C8031A06D5140449E22861545CC80E1417A70558DB2ACAC25733AC156A0D7941B053A7CFFB2ED193BBE5E0CAE4F1F68437FA570C612BE606DD10ECAE1
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1177779
                                                                                                                    Entropy (8bit):4.338116428198543
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:C3T12vbLPxCoYITYsRvc38ZUd02GHIwjAwREJKVMjNiT7llj63rhJXlPCKMi5eWt:dTbYITncQi02JCWJL5DAhc2T2
                                                                                                                    MD5:D77AEE1AB6AF4FC83813A69D3CA61E46
                                                                                                                    SHA1:C0786021AF8C8BBB083E9C4104B68BD28537893A
                                                                                                                    SHA-256:5D5E20C5F0CA21D8F1824EEBE8E595FAD4D0E601B224F4433B355A21B643971F
                                                                                                                    SHA-512:78C2589BC37594236D5B01C4C6C0CB934CF9CCAE15679159E1BCE64E3F5A3C903F9F7127D0DA8C317FD085A70EDFFDCAC413B4F2627BF14B862794B47BBA042A
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):728589
                                                                                                                    Entropy (8bit):4.658856122190603
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:W5SDjhr3FluYMy31frspm29Wqu/kQl4JACVXbfeQCajLn5l67co+oiNB05elmmdi:W5SdY5/oP
                                                                                                                    MD5:04C846A7F65C1E95E49CFE69EC9EEB45
                                                                                                                    SHA1:78142FD5545EE76B1F90FF5DF6FB7C01D797F3D1
                                                                                                                    SHA-256:AFAFB0DADD253E7F665FCB0D9D562D243E32D774B6ABDF602B66734F310E689B
                                                                                                                    SHA-512:029F45EE02DAD7D3431B223F5516937E34D685026488BA2DBF7C43FFDEDD1240FA119C349E4F5052CA3FDE109215D6D8813A43297A7E4EDB5D9B063192AC775A
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1250127
                                                                                                                    Entropy (8bit):4.3103395858193565
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:AubcffOrA0yUdRSM7vyWYfbXpgTMoV/BB0ZV1d1AuxXRLiW3Jk1eTByntDPtDl+U:AuAf2E0yjUv3MlgTMJem05f5xhbv
                                                                                                                    MD5:114BBD0D21C90DDFCE1D6E26432B7B9C
                                                                                                                    SHA1:EBFC476B4D742D9FDF5D0E78996748497EB0B4FF
                                                                                                                    SHA-256:E2321752811548A92EF069E53ABE349CAA93BE5596A2579DDE65391EE7CF915B
                                                                                                                    SHA-512:6195FC185F8297CA1C38B79339F86F0788B342A90B0E98F1ED5883CBE61725000B1653E911EB749351BB74802B8E75199DCF0C95D903A4422755E809A6A1814D
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):562949
                                                                                                                    Entropy (8bit):5.503469092776888
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:5pEDgLd6TlZ/9yZuYUapEXgaBV08L7SkK7D+wwWrDfB+uhAxqOSAq6+xMcwd0uPJ:HEDjTMzU0EV7xHwPBhbKBc5ag7yIjR/K
                                                                                                                    MD5:54308E58D399D0F1C4E66A4A4B6E3B59
                                                                                                                    SHA1:8DFCE74D45801654531C78E34CF6A6C2E4BA5556
                                                                                                                    SHA-256:8141D126CD8ED7CD29B998E4A778E81AEC043BC126B5D2B0FB62F95C5FBF1F62
                                                                                                                    SHA-512:33C74ACE0F430D2E7963512075007DCA70ADCDD43FCE31A27F925351CEB00CFECE329EC5E9B60DACFF7E28DA322FC9CEFF3FCD9AE3A7BB6655400F1A580C3EA2
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):605952
                                                                                                                    Entropy (8bit):5.638270541961174
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:n0L6iTfLsgtbgq0LcP9wHs8DfcAujkatvV5RvBFZfpduYG3b7ZNIeHK9njDi59Rj:iTfrtcFQA0V5RvBn0zzKY5u0vv
                                                                                                                    MD5:B7AA52653BBABCC713A03067E6FCFCC3
                                                                                                                    SHA1:B18CC0B968C4C0F156E33F5C493E6C09760161DD
                                                                                                                    SHA-256:244BE241E2FD68882ADB0C1A1C4AE93B1406AE22CCC14BCB37FC09FE3C2831A5
                                                                                                                    SHA-512:CB393247F79F1A6CDD685AD9729D0C7FD3BFADB5591CD822A4F92BA19448E50C148517DC0DDC14C37243CC0145A5AB17D27C45CCEBDCCB76CEC70C1B444D07C0
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):500354
                                                                                                                    Entropy (8bit):5.374540321275158
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:HDTG/Veh932Bmcwf/yG+wFZf+MVnjHF3mmi8IxZ5GZhWwkK5cTSzo7IEji4JHw:HHG8h94sXyMFTVnjHFWmNIb5GZhow
                                                                                                                    MD5:0EFA0011CE0365AE4AFC08753F559098
                                                                                                                    SHA1:6AFC5115DFC222F0F2B2265A591B571803787DCA
                                                                                                                    SHA-256:A780C4E8E48CBDF2064CFF3E9E025103739B3763E3B82DDD99C97DFFF8FB1CE2
                                                                                                                    SHA-512:21C34901F5260606F14FE0E004851AF4DFA6960C28872417FB995ADAC4B2652609D9C0F5F30C0F76F4287217ADCDC0ACF1545CBD4E5A6F4B15565668840BCB75
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):558299
                                                                                                                    Entropy (8bit):5.272942823509238
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:qrF11tFO6w7oWhI7xO2/IJ/jNLiISIqRRRsO1StiRT9TjexKqcQxLcaPpzHi9fLN:u1tFFehoXFZxR8g26sjoh59koF
                                                                                                                    MD5:12FFE0FC0BE1B4134F219BD3B6D8F550
                                                                                                                    SHA1:DC14159AEA6643FEED260C3E3EB9BF4286FFFD9C
                                                                                                                    SHA-256:4FFAADC42BB0F78B78061EEC23B39BEBF34BA3B9B4F2CD0415FD3C94B2C828D3
                                                                                                                    SHA-512:423EB3AA074617C8FB64EA909CF860C8706B73B5CBC97D85D21E9298DC53CF9451DECCB1DE45B19377E8E2461D78282D587264340BCE8F487AD48B0DDEE55123
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):677279
                                                                                                                    Entropy (8bit):5.7261443457831875
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:5mNTLdjIcq5eHWv0WSGRBZ6Q2T+NbX5+Fo1Vi:5mNTxqe2ccBZ6Q2T+h5+FF
                                                                                                                    MD5:A92DA679A63FB99BB5F3BCF829168D21
                                                                                                                    SHA1:F15AA9BA6A952490DD881C82DED179FE03E50E80
                                                                                                                    SHA-256:F78FEB7523A3B4C795AC02EB66FD455B0F490257549D681B7AA07255E99AB9D9
                                                                                                                    SHA-512:3055528033206B6F32371A1BA05633614C0A3A9AF4FE2326FA3E6689BF535D5D540D926E08963FB668B02EEFF216DC2ECABED035C821C83E5D96CD2ED1531835
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1341496
                                                                                                                    Entropy (8bit):4.250874916501427
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:v/9cYunn57Dz6f03QIBR0UInI7L5IazUG4pt+h9lcQ:nCYu5i25PUS
                                                                                                                    MD5:F13C1631BB1E180C07CB10C5142CEC74
                                                                                                                    SHA1:BD3B971893D3CE2206EDD040ED0EAB9BA010BD18
                                                                                                                    SHA-256:3A63D9B5BDECE8442ACA6971771A660BCEAE995CA96394FA88B024FEF3C93BF7
                                                                                                                    SHA-512:9122A55CE0E09ADAFE0162337B518228441D9A852E68761BFB62B656415F25386B3DB41279699F8035BE3BB3EA003FCBA91B5D5FC6EC538EF79E9486A488280A
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):569413
                                                                                                                    Entropy (8bit):6.084713993678112
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:OA7Ny//OV2Ngi7QFIyjxMSVG0GTin8t8OQ4E3hvaYrSCqD5tEp7YqGT8U13Xq7hy:OA7Ny/oZO5L8frCT
                                                                                                                    MD5:E8448C3D352C76C1C0F2B9F508852D9A
                                                                                                                    SHA1:2B7FE9F0A49FE3428E467A4214D0E7EC79CF7B52
                                                                                                                    SHA-256:30D515F2E086A7773DD3C7B5E6504729B6D91D9FA7174C3226EB3553F900BBF2
                                                                                                                    SHA-512:AE4144323E7EB2C2C97F336EE144C0C739CB5500F7FF382469CB4CE33DBAE35078EACD85F50381912C9D4367DFC9CBCB6C7C7BCE8314A0351B14F950A2209184
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:CSV text
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1051021
                                                                                                                    Entropy (8bit):5.4211132061857965
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                    MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                    SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                    SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                    SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                    Malicious:false
                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):611429
                                                                                                                    Entropy (8bit):5.6299671018290445
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:QQtetgAZbMAUbgO9aG1DT/G57szII1JgNf6SMM:QDgiMQzOG55IngN/
                                                                                                                    MD5:F6F5B593C91B7820C9552FFDDFAC03FC
                                                                                                                    SHA1:D771AC14A49C7654043D0AE2DC52239BF4636F65
                                                                                                                    SHA-256:FFE7EAC4BC39085977C28BF8BA0060B9A12471C3914A30DF1C46305926242BB6
                                                                                                                    SHA-512:45D3580D456F6972259055BFFEDE8745C922DFE2703BCF3A545E73211164E3CA594A56330A2A17EC373AB060C05A7776D88DFBAB5014081948A5F89A849F793C
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):610750
                                                                                                                    Entropy (8bit):5.626685122127425
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:IbsBLMwr28cTB6aTmNstVFpM6Y97vccj/kbO153ySAbEwT4757esFOHAYXSIENAs:FL8PXVY9rrV15SEwTW5tOmAhm
                                                                                                                    MD5:8D8244CEA7D00E7502CFC62908147BB7
                                                                                                                    SHA1:2ECF5C264208555EC5BD4530544CC0AEE99F558F
                                                                                                                    SHA-256:C9722A6B132E9EF5BCA53565BCBC2CB3C40CB8954F2286250AD15FAFC0D2DCC1
                                                                                                                    SHA-512:B5B98ADE8D7EA25477D12CBEB6B1F07FEC5625583B8CC695755195B1EEF0D380C72AE4609955D230B4FD6109AA6B778421E7EAE9D7086FEC03CFF93C93D91791
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1394062
                                                                                                                    Entropy (8bit):4.285571867304228
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:MYNjRdBR8QA2cMmsbbAx4LJxFq/ixn9mMy6UQ6KfUBp/AZCBEmeyo3ewhp5O47uW:RZRltMTKfUBpUyo3eo5O47xs4+3e
                                                                                                                    MD5:979090995F7F9DBFA9FA9A96349DA745
                                                                                                                    SHA1:6D9425EB6D3FF6B433A2FFD89DFFB3AEDCDE3588
                                                                                                                    SHA-256:C27AC1727F3A3A25ABED09CBF07DA604DD1C42A1855851E63DFCDC9831091EDD
                                                                                                                    SHA-512:4D734D7903DD4C39A2392EDA7B6A65929E61FE105ED843718D5CAF8D93DA9FF14A8908B896425335FCE9CA5AE717C29C80E7D85A2A6B80DF9F4FAC8F7A558F38
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1147816
                                                                                                                    Entropy (8bit):4.319695697825778
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:p+xh0ke1h+Fnhb0paSpgKZmTDAyyLj5QpYGde:p+TUA0paSppZ+Ayyf5QpYGde
                                                                                                                    MD5:7862ABEC5008FAC0A8924B65B3058C05
                                                                                                                    SHA1:BC6A3F405835E3F3290CB521CA2A9AC85EAECDC4
                                                                                                                    SHA-256:44056C45DE472FF1A5037FC24CC2417218CF4FA500B6A7158BD8AA221268B69F
                                                                                                                    SHA-512:C91A1DCC08EAECF7F99B37684E02F3F89D18DBAF24B2BF3849CE78965A38E8A995ABBA03C0F8F20420AA15519439F0C662165BAA6A31BFE3CF994AA51F67C8F8
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):524044
                                                                                                                    Entropy (8bit):5.251286724342732
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:SgRSValNdUMLjehAr7nQjBx7+27fldjiMIUcGm95AIHxOMVLLEWVHs:SOSmu0jeAnEx7BldPc95n0Mu
                                                                                                                    MD5:5EE8AEFF66C42600D73F9CB7D8366CCE
                                                                                                                    SHA1:DAB706F52B7F6099286D659EFC24ADBAD9F5A4F2
                                                                                                                    SHA-256:A87B9926FBC7C17D884ABE1D8E4B81335476B00FFE76196E38AF8542E2D7881D
                                                                                                                    SHA-512:96145B505C3726878162EF4AE328F08888F1CBCF3C3D8AADFCE4E72398651D1B120C4D219176E107F99BD682D968D3C8F02AA8BF600007033AAC07064127A8EA
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):508553
                                                                                                                    Entropy (8bit):5.428763068409714
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:h63MVtpURb8w5Op7fQ9S8GNxRV5/n4FJFEWt:h63MVXUa65GNxRV5f4jFP
                                                                                                                    MD5:40B668B73BBF3575D009F3D528D388E5
                                                                                                                    SHA1:E7186E4796216615F388C8A8058D898C4913F2FD
                                                                                                                    SHA-256:8813FA272B1A12042C75B97848605C8DA7D306AC7AAA4F231D41EE98D9E70538
                                                                                                                    SHA-512:8858E78493FBDBE1B2B99BCE75DAAC585F40EEA2612D80D82850F7957F0EF69C3A1F3DC7C011427CB1E64CD667031DEBD3B3D160BB9C2146224377A99B74798A
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):525362
                                                                                                                    Entropy (8bit):5.366124885898627
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:TZpCbai+lbWusvbgQ5Pax5ttonxEGp7KY8OTy:3Cmi+lbWusB5Pax5tenxEGp7KYH2
                                                                                                                    MD5:6E38F51EBC9B4AF616C984ACFEF7323E
                                                                                                                    SHA1:1D871E09B051CDF1429FBB68FC43B7631DAD9438
                                                                                                                    SHA-256:E3ED1D14209965FACA5AC6A2B4026A4A28D21F5096E0C44943E731279190D540
                                                                                                                    SHA-512:4124F5ED6E9AC7701837AAE5458DB96DF8303FFF05ECBAB40D938CF0FDE3C5F2F696D07F0BE2227040A14336D2701F8A76342550419630F51C073070DC705492
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):587942
                                                                                                                    Entropy (8bit):5.759897632158159
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:l2o5czDWoOB/kbwvGfQfR6HAEbFVP+CUdCe3mUUFMAmW1Qh4Mh5vJ14scsy:woGYabMe1Qhz5cR
                                                                                                                    MD5:2D6468A89698A05B8522F679825572D3
                                                                                                                    SHA1:52EC81BC896051ED8A865B44C58F82EABA6B89B9
                                                                                                                    SHA-256:477E505459C80A8477FA6EF1B8A0FAF16C5E450B69CF922C37BBE020A088E695
                                                                                                                    SHA-512:59A95F05D071C739D4DC1456B856D0283AD3D99AC35EC300EC38E76AB236BA6D6E83598D0823D46C07D62EE0457F2958C682F4EFA3EADB824A254F48387EC538
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):551569
                                                                                                                    Entropy (8bit):5.417670979179483
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:fl4UKe4ouC2NBXBL1WkoyVH5gcJBM90sRaY5K/:WzeRf+5TJ/sR15G
                                                                                                                    MD5:FBD585195E35E49C60A9190FBF815E86
                                                                                                                    SHA1:F88FE564784D0441A304A4B126DE27FB2B0412EE
                                                                                                                    SHA-256:ED647E78BC3E89A6322A7198DD1875034AC3CDA355BA6837EA0D4686D56712CD
                                                                                                                    SHA-512:22596E824D2226C8E0773F323FDDCB1A0C7523EE2077C38205EDB5B11EF15DE3C5768B8C598A781BDC49BE91C3B1B22BA92C3DA5E0BE6ACB5DF42670487E68E0
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):555353
                                                                                                                    Entropy (8bit):5.392038775374042
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:B2lInvsb1Nq9rX7YZieJVJJxhQ3shYfVh85IKlbSRDF:EAvsb3qdXj85IK1SRB
                                                                                                                    MD5:C64146716C2A401FEC538E4C79785144
                                                                                                                    SHA1:3C5D0B45225A39A65C0345E5C98A4E539D807FE1
                                                                                                                    SHA-256:904189CAAEF1E278EE31432F8995BFC150975250FA355683E1CEF1B5C79D3BF3
                                                                                                                    SHA-512:CE8336F4C83E47779169B3F875D8910F7C30CF7BCA2CF77C398C37E32FDC8C01A43B5EF74CFD03C3ABE8E3979454EBB1396CEA7449640025423D2B1F565A5C0C
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):574388
                                                                                                                    Entropy (8bit):5.451836104471441
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:NTIexSy0/AfWKXEjvyJe/FoMxOINkjK0yGZq5BZyo2cs2V/qE53:NTIeTOKXEuJUFoyO/u0zq5BAor/d3
                                                                                                                    MD5:C613CAB2C2D6AC5B88E21FCB65671F19
                                                                                                                    SHA1:291D545427FEAF8DA9DD75679ADA1BB70C66EB47
                                                                                                                    SHA-256:8EDD01CC74EB965CFA4CB35249097D114F554B8D80883D7C7E335A857F33A810
                                                                                                                    SHA-512:1E826936C1636F7D5DA9870DD362984E2DEDB8F3BFFE3F64D8615BC955F4A1C2E988E7FB60387743949C200DF073FBB7B27DC3B6A66BA9D7950571CA2DD2FE57
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):941599
                                                                                                                    Entropy (8bit):4.851052751447414
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:tqeL4fQjRo4Y+5NMx/K69zJ9ZFdAal2a4qSGsN9z/0TYH8eXN2hVO3j/tSbzvMBS:tKgk5b6tS
                                                                                                                    MD5:36D9CBBB31930EB5B78378EC63751BE6
                                                                                                                    SHA1:5D123C38941CC4E59570254909291B29970F0CE1
                                                                                                                    SHA-256:DE90BA6507DC032C853FC61BDBF9218A29FF70379B571B1F4F3D7A28C3902479
                                                                                                                    SHA-512:EACCC7FBDF3E9D9C9EB1A602C1BF17C8BAFC920EBD058C4D2C496B95BB1B3FABCDFC87D1747BFD8CD404DE75C887038A99717BE7960BC808B632039EC9F80A06
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):592404
                                                                                                                    Entropy (8bit):5.807054231111397
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:phWgwEC/qsIkBr7iIip+RC5y+dbLxrQzLPxt9eH:zWR/qsx7iCC5NLaBtEH
                                                                                                                    MD5:59822645439846B0A211C8566E7CF90E
                                                                                                                    SHA1:F4EDAE1B34DF718FD72EBEBD6DC9E36CFEF95584
                                                                                                                    SHA-256:60319C30E94770472017E83ED0309A8F134F0D60E38261F53517EA23E9658C09
                                                                                                                    SHA-512:E2A7295BBFD5E721C765F90FAE0AD1420902A916E837E1B0BD564BB9EB553908EADEA58739F21D75C9F38CD3D1E821DCF14545884462FAA3F70617AFC764B84A
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):568760
                                                                                                                    Entropy (8bit):5.4785168337779435
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:1Hr7a+NC5qB2r+JpEE5U8c2JHvbxi/fz8lqc:1L+UC5fyEE5U8cAi/fz87
                                                                                                                    MD5:970F310ACBAFA4A29E0CFA5C979DF397
                                                                                                                    SHA1:B1C20EEFC61785C3CBAF7D6D3B5FD2B144CC1EF5
                                                                                                                    SHA-256:B4EFD0CE0957A00E2E617A3E595B471ADFDFBDEE333C14BA41B8DC8BB5653324
                                                                                                                    SHA-512:D1DF03814C42819F94A7CF3FA54D699AC8A844C69303CEAED97BA3D3512406161F011120395904B473EACA29D8959B9A14C85D90A880508611E80A46B9D97575
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):872667
                                                                                                                    Entropy (8bit):4.788135484665425
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:i5s/IU2p79qWYZAYI8dlSDdrPuzQhrUPb7FW5fZPT0xT7xH47L37SjeUM/k/3:IsZhYIlW5exxB
                                                                                                                    MD5:5E439D9D281D90569CD4AA231FC8B287
                                                                                                                    SHA1:AA8D4E28770F430DD7F93E2B9879748A97C74FB0
                                                                                                                    SHA-256:9082215832960416F3E6B43D2F76869A8632506BFE3A806A1B46C858B1370806
                                                                                                                    SHA-512:C9491A35C082B1BB7C08B732D6F07DBFFA5BB955988141D3C56D3F482D9FA74763EB196AA7F37445808163AB790A0B23091C06F81EBACB94BD164DC72B01A71C
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):512705
                                                                                                                    Entropy (8bit):5.538975019723545
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:UoQDiRIZXEr1COYNcNUAvSrZxkmvZl1HI4RFcz9RyoxGOGW3IiRMaSOmDE/xWcqX:DQDRZXllNcGrjr5O57ze
                                                                                                                    MD5:D31FED9E04F8915045F6A2CC7BD4C9FE
                                                                                                                    SHA1:8C68186DC5463D4E45889E8DE021536110B09453
                                                                                                                    SHA-256:931598B71AD77874A64294614BA73B426A717F343674FCEB7BAEE227D4413B9D
                                                                                                                    SHA-512:3C9D2F8F655006722AC5B08E8575EDAC9CCE21061B3A8696B8E772734A12BBFE04C53838DEC475887DBC82501E90A8799ACE71DC49BA05CF766037D001852493
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:CSV text
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1051021
                                                                                                                    Entropy (8bit):5.4211132061857965
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                    MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                    SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                    SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                    SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                    Malicious:false
                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):539452
                                                                                                                    Entropy (8bit):5.338235032300934
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:pGnHmfiscrB5G7CCRdCAUQbQW4243xaKFNUq89F1ggt45JUAcwg6yJMkJPe/Bmqa:pSoo5GH
                                                                                                                    MD5:F0314E8F5AF94C845AB4218468AF3454
                                                                                                                    SHA1:4ABFA3D5D114AE89CB449F83C1267DA3DB0EF8BE
                                                                                                                    SHA-256:0CE0651A673A250FA86E6A9DF4EC490C832F045E07617343F015599687AA84E8
                                                                                                                    SHA-512:11E6CA00ACD7D65495F7C04BA5E558DAAD835C48BD230F616DE62954B9E10FC45E816E049E1ADB858B29D335DA08808B560F04C8A6AED83B62ED722F1968C08F
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1387366
                                                                                                                    Entropy (8bit):4.061553280377292
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:cyu/keC6jicF5ZzVtR6cA25tm1vYpiMyg:Yj9F5ZzUcA25tm1vYpiMyg
                                                                                                                    MD5:4411E4698E279FB95ADEA7BE9625F800
                                                                                                                    SHA1:A3C655D334442CF5EF106B92F9778C9B3FBC252A
                                                                                                                    SHA-256:BEABEEA92C3FB9C52C22BADD99D686F1690E3574C75CD7A886320FB2CAC53D92
                                                                                                                    SHA-512:4406ADF5F7BEB86A49695FFF0A3E92E108AC2EE4DAAE46821C74164018FBD72E6D1DDA7C3B689B30A1F19C17B13B0C1BF0537C966ABE88137A0135D04483BF41
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1281329
                                                                                                                    Entropy (8bit):4.31693967998977
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:lGfZBWX7McKNsC1ot59d4e/gb0HrWs05Bk3p1FZNViFlJ2wtg+NFqhrOlHXAAFwG:cxBWVZd57MkC
                                                                                                                    MD5:443D47F30632512C7E5A6E142D2A3CA3
                                                                                                                    SHA1:98730D4194266544C204E11E30C1817A5C8DFAE6
                                                                                                                    SHA-256:12267195833FF2F15F99947478C75EEB18923EB125AAF7118A0F398045636E33
                                                                                                                    SHA-512:34A02D50B300E8283A896BA492277FB6D2C16BFEEF88B30344C803D060DC50FA638BECA10F5113EBFE23D6E5882D82D072303112008FA721FF20EA087385C71C
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1076392
                                                                                                                    Entropy (8bit):4.3678914271676845
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:lk8N9LyZYAST4z1L/L1XPVLsbhRy1cW+v1H5UJEyL3ftj8wlz9eTRo98GkK9uLAR:lip5h5F
                                                                                                                    MD5:ABFAD720A09628E229EE75C14DCC1DEE
                                                                                                                    SHA1:80A075F9714D4C3BAFF06E1935B304558C3D597E
                                                                                                                    SHA-256:0C8332F2C81038A69282A049FD59EC76F2370F329F9AEFF9A54AE1B0AB83AFB1
                                                                                                                    SHA-512:D43A39699ED5F0E55A4491B726B44CF6238C9FB69C919F5DBFFBF6627221C524737115AC4FF604A1B6208AF7CAD52192CE896A6C57EEBE3A9BB721F9EC57ADBD
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):550618
                                                                                                                    Entropy (8bit):5.609493488679069
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:cHODNEWFOVqzdRdiZmqDhz0yqxv8CcHuki4wge75HX/2+1i1nEedGAMYw/KOe67:4OyqFCmG4zkiN5HX//
                                                                                                                    MD5:CE85F55613C69479E13D011F0B81E3F1
                                                                                                                    SHA1:07C31DF75DEECEC1BC09FFCD473B885EF0467B42
                                                                                                                    SHA-256:EEA13AECCB9DC35CF6E5135BCAB2F376D584CDEFC4B2970ED1126F8C2043AFCC
                                                                                                                    SHA-512:3A6C6015003A09295AB4CA7BBBC421F281E3A8719C56EF9D0BB4448413656778DA7C70D7F67FCBED7051E562027CBD7BCEA84596E48AADA64193AF448002120C
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:CSV text
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1051021
                                                                                                                    Entropy (8bit):5.4211132061857965
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                    MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                    SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                    SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                    SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                    Malicious:false
                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):938457
                                                                                                                    Entropy (8bit):4.888192308730272
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:iqzRMYWYPnfzKj0meRi8ICN5ZB3IjMAlLEXdcuKLNiXEqqbQuKz+4uL2uoj:/uSz58E3
                                                                                                                    MD5:E72DBF8C00F7C211D1A220DB30EC7A7E
                                                                                                                    SHA1:8F891C83E0FBAA78A8267CF5B54462BD64DE9C6F
                                                                                                                    SHA-256:B1892427972D0454F8B85AF85DCC074393FFBCB2381EA91EFB2E85EB03FF2A04
                                                                                                                    SHA-512:D1F3E5DBC50B14FEADFC30999C89DB1A0431E4758EE82CF18DA81F991CDF76C3298FD98D3CB3E2AB902A11C8A7E11C6D7645E1ED91ED5F3280A4420C1FB793D0
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):817673
                                                                                                                    Entropy (8bit):5.177156515939135
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:C7a3H/NvV+8PomRMD2nyBO3QU5ANJhEFZWPOEojYzQYrNwadcJKwU8ueco/9Njjk:Vvvt5LWp
                                                                                                                    MD5:3129155651C81F86E5E2794B0CD15EC7
                                                                                                                    SHA1:FB3D6C2156E1230C099B02171F3E9100FBE542A8
                                                                                                                    SHA-256:67B353376ECC45F0271CB2526B96AEB681F717968C35397F7E53AA43D3D31D08
                                                                                                                    SHA-512:31831DEAD97B53E600317091DC08807D1D040A1FC27753CCEB4104A865583C79E1EC68FE6AB644819EF49F262981ADB6EF38D67CB53CB3FDDD43271780FEFCEB
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):651358
                                                                                                                    Entropy (8bit):5.790776889845594
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:BhaQjDW+cuwJ/roEKaaFoGnXy0bxcPdH9+vUx5WY8hZq94KibJziMHo6wtk1e:B0d+cuwJ/7a3ni0be35N8vq1ibliMI6U
                                                                                                                    MD5:5910DEDFBC84629690DD59478E80B51A
                                                                                                                    SHA1:AF6E9281C779E40ACF1A8A1EABB1AA926AB85F85
                                                                                                                    SHA-256:0832B96542456367261A215719ACDCC394A027C04A4F0C313F9401D6B222F756
                                                                                                                    SHA-512:1BD32EFA3D034442D85D2478EFA8180E11126E80F03097B813CCFD4521039E186342CC9EFAA47809DB9852ADA3541B76E668D43C7A427D2410DAB6C0A1BA1B2C
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):472125
                                                                                                                    Entropy (8bit):6.686635546459109
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:y3OYfu048lFDezkK7/56jOIydpD65imqjNnEwYHB074lK:y3hfu0HjyzX56jOIyz65rcNnEwmBK
                                                                                                                    MD5:79D8DDFE89B3B2B37BBBF85AFD6E6D67
                                                                                                                    SHA1:0D0316D3D1DA0D13D2C568F0FAB9116996998C7C
                                                                                                                    SHA-256:ABBF9199B7751AD09750361E2EE861876EE44D65020B7D1255C45DFF911BCF89
                                                                                                                    SHA-512:5F6B736B835DF71BA67906710BF86CDEB37542642CC03FFE6CC73557C2BE35CE99C5838739B160D26545D7A55E4263DEE7E55E942307F7D8657E3E8FAFDE5114
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):469061
                                                                                                                    Entropy (8bit):6.698957808032297
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:bSSfomw9A7NuQRFcjArmJflGj2DuUasg5b57jkzrMOZQyZV7zeHk2Tt:bSSf5wG7NuFjA0xasg5b57jkzbr/7m1
                                                                                                                    MD5:687995F645CB9169DBFC3431E8FCFE3B
                                                                                                                    SHA1:D6931394363D7C479791B32C8AD268786FFCE8AF
                                                                                                                    SHA-256:35A0323EB90FA53859961F832BCB66C391F53E6449722F6FDC136D92484C47C9
                                                                                                                    SHA-512:FAAAD1CE95650FA67AA7E86F2453DEDC70C6E206BB15DBA4E824BB0D540D884A09A75A48A9E36FEEB83B75232258B7431B1F3DF53A824FA322B3C4E87BEABA14
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):18401792
                                                                                                                    Entropy (8bit):6.484724602010289
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:196608:UFhL+fUAW3m8p73KQ/ZxCSIK7Z5JG1xC/e:UFp+fUAW3m8pDKQ/ZxChK7Z5cjC
                                                                                                                    MD5:6A067CB26AF2C240C240BC81C4A4F311
                                                                                                                    SHA1:CFB1A89616DC14830EB073F4CD84AC4EB14B4534
                                                                                                                    SHA-256:C1E6EF50932D0CD9EDF8FF4C663CFCCA358F2E2D5349B3B7904E4D4D8F6D8882
                                                                                                                    SHA-512:25520B39C834BAAC056958C22EBA1B2317B0D7967F351C66BA6177FB9FFC3FD4B6C0E8489CFBD8B2E477854F75163856F23775BAE6B8A0721048FD961E276BAD
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1162240
                                                                                                                    Entropy (8bit):6.551791881008996
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:ouraOSnSamNJMd26Fpz2vWISMtjK+N4cpfATBp5j2Iv8oia7gPhI+nkMoe8r8WJW:ouWJSap2spQ9tXATBT6IQa7S18oW4
                                                                                                                    MD5:EDF83410995BEA188731EF377334ED7B
                                                                                                                    SHA1:B12C8925409701725749A9EBCC9D6CBFDB0122DD
                                                                                                                    SHA-256:B464548564A8B97682560630127AA447D25FE692F887A4822A36B2EF8F250E97
                                                                                                                    SHA-512:A14B61223B0D2E1A7389934559EEC5279A1C2B0C713B0FDAA08F4F979A3B37D8BADED355B42AEF5FEA13A254AF177F5EB152C6C009985F3294C5097035907EE2
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):196713984
                                                                                                                    Entropy (8bit):6.709853681888895
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1572864:T671igPCQDu9VieLAbOP1nmnq/lbL7IKJciUtkMHs5sx1qqV88:eJiDS610scieJq1
                                                                                                                    MD5:0B9A2D445F28B403D525380817A2636E
                                                                                                                    SHA1:E4BECC1533A42871BA87A06D039D3477ABE4F79A
                                                                                                                    SHA-256:264773127DEA00204A3A52BAE4A4510D610292FDD759B7EAF40BD1B59AD88C6B
                                                                                                                    SHA-512:45BF3DC8C1B118AE26B6A4436591D1B15B339BC6BD8E69E112F0F6ADDB834B0CFD8958AC63BFC712C4A7D9C365FC6944AB80F0D61765170ADF67B5535DEE12E1
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):685745
                                                                                                                    Entropy (8bit):7.962986984739525
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:CI3H1fJqjzgsz5B0GDJQrnKs8SNP+QSsSilRBiNz401+gIXm4pboO0TehEr2:F3VBq7zEEmPLSOiNz40AgUjpboO0TO5
                                                                                                                    MD5:9B46F4C8DFC0A55BFAFAC55F17D7659B
                                                                                                                    SHA1:D25F27DF176AADB67BC56A42262BCCAFD14AF4F4
                                                                                                                    SHA-256:B637AE345B830649B4027F39F6EE48F92484A2ACB65DE498E4FDD84EC1010336
                                                                                                                    SHA-512:DE5F500AFE381A16E3FF7DDCB5C8AA538362E55222F7915276BB4C9261E41CBC2403CA1663A7DBF0706D8D51ABC420E26804F67CFD646D7986130A20A659F345
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1079219
                                                                                                                    Entropy (8bit):7.95049008504143
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24576:H3zBr5zLmmibkFR8+mZR9hQumegvQtSP0AUwvdbbag6edhOLoe4:H3t53mNbkFRJmH9hQRhQsP0AJvdbjrOS
                                                                                                                    MD5:F666B710DA2BED9AC0252C1FA1D00C4A
                                                                                                                    SHA1:0D8288FDE82C2F3B7BD006FCF4CB92246AEFAF6D
                                                                                                                    SHA-256:F1AB589CFD40FB17A7C390B45FFAD8FCF90C133FFF1D14CA5BFC7053A21DC241
                                                                                                                    SHA-512:982BB5EA2C14170D47E150DC8692EBE316EC5D6B584377020C1F58AE0632748CB631182A6BFAD2F909EF6B818B012527367A36D8681B5B56DC735B8CCAF7B52F
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1134592
                                                                                                                    Entropy (8bit):6.555043286804751
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24576:QwQlMOLVebHVYzFbfcWjX9GIwR5Cuh2ZHnTcUy:8lMOLsLVY5fLZx85Fhonor
                                                                                                                    MD5:364F839CA8DE4D942270D9097D48EF15
                                                                                                                    SHA1:82C8040DC2A733EB3EA3E051513C84F992BB17F1
                                                                                                                    SHA-256:A4E521C12FE47816F2D9E2DFED9FD074E370EC587D0A0F3A03B5AEBB76C06560
                                                                                                                    SHA-512:BAF1ED5E558DC0AE037FE0DFF036792CFBD338915C8AF99D10F0202B92CA820298657A86A0F3E8C1387326FDA34DE3EE08649C34AF2417159A24AED9CED02DF3
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4656369
                                                                                                                    Entropy (8bit):7.995866504972196
                                                                                                                    Encrypted:true
                                                                                                                    SSDEEP:98304:uD6MLlkY6HHy1C85FPmvT+bixvbScP33rjMfCskQzJ/XJ:uDRmVny1k6mVS238fC0BZ
                                                                                                                    MD5:0F1D45867B591D67B0301EE8C4AD5F7B
                                                                                                                    SHA1:F5FB6378C13912DF079EFEE44476FC1B4666EF24
                                                                                                                    SHA-256:A2434429FEA5B3344426E388F9A2191E10449103E933EF7F0CDBF4638F22380D
                                                                                                                    SHA-512:1DB79C82E67547A76D3D479168EE12899E7E03D8C065239976E0A490804182290B76829E483E8F18F7FEAFE7E819D2784C507D7ABCDAB917B62D78696059EE80
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):686733
                                                                                                                    Entropy (8bit):5.111423885670035
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:pcypnQ0h29oCMElgheSP48wv9j9N8Yr0Z3If8g6AkgK+JPVrqtyJC:jpQ0aGeywd8y0y8g5kgKUstD
                                                                                                                    MD5:E68978443DDAFD40434C87818C90D338
                                                                                                                    SHA1:C38FC19A469E6C9AF4699ABFE00C5FFE39501726
                                                                                                                    SHA-256:7AC9FB58F00E735E266730FEFC25D1B3C4B58EC789D5540F0424E746712CD9DC
                                                                                                                    SHA-512:D9A7998A70E63ED8375052329033E83EEBDB6F856FFDE3C1077A450F985E379D04778EB30AD29CDAAABD33F4ED4437F8C18C73153B58375A8CD8AB26D8A64D54
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4483072
                                                                                                                    Entropy (8bit):6.30617269058202
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:49152:xZ5FJsKpHj0diHyTFJtDc1QmmxnuUBJ4oiYKGu+GE2pcSF0Ae7yTamCvWpAFql1u:xZnJikcNZshrvLZom
                                                                                                                    MD5:DB64B157590C89B63D7E7FCF97FD7A01
                                                                                                                    SHA1:64C320EA6A444561E6DEA1E6713DBACDA24B634C
                                                                                                                    SHA-256:53E35896FEF631BA844818E4D91013DA2C1E2324EDD0AFF93EC4F2747793B8A7
                                                                                                                    SHA-512:5429E4CAEEF300EF388E86595E5853C0C5B62EF8D3E0BF84469A994C8A5CD65D8EFF3A038BEF8992AE065A3A61EB765CA19810B6AEAD52F564BCC8D21EB717EF
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):106
                                                                                                                    Entropy (8bit):4.724752649036734
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                    MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                    SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                    SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                    SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                    Malicious:false
                                                                                                                    Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):918016
                                                                                                                    Entropy (8bit):6.582669085817742
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24576:7Z7BE4to/6WCfiHqy6Z5WiDYsH56g3P0zAk7En3Lh:7NBETyWCfNy6Z5WiDYsH56g3P0zAk7EV
                                                                                                                    MD5:C59EE747C59CD7B450DB71FD836E7153
                                                                                                                    SHA1:8C43131CAF144B0D359662EF0990E992A3EC7C40
                                                                                                                    SHA-256:334907D2DF7C78DD099A92D13565903DCAE189B977A9774213C769D5C61E4D4E
                                                                                                                    SHA-512:74127AFA5FF13FDCBBF8733CDD300084C5A44A5EE8B99C651E6E6BEB103318610230F70C0100F746C54DAC5409C8334FB28F9AF6D0DC6B438ADD72402C25ED61
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...P0Wd.........." .................0....................................................`A............................................<!..L...P................r..............8....p..8....................o..(...`...8............................................text............................... ..`.rdata..,....0......................@..@.data...|L...@..."...$..............@....pdata...r.......r...F..............@..@.gxfg...P).......*..................@..@.retplne.....@...........................tls.........P......................@....voltbl.8....`.........................._RDATA.......p......................@..@.rsrc...............................@..@.reloc..8...........................@..B................................................................................................................................................................................
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):16958
                                                                                                                    Entropy (8bit):1.8361199320851
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:JBna8NJl1Pt7zU73afztxDXLnAvMafBaQaJ0a9IR33+7LhkJuKama4iyA/K:J88fSWtBYjapIhsCuH9yAK
                                                                                                                    MD5:815665F58B066A42DE47F55ED686D184
                                                                                                                    SHA1:49AB7ECDB18F74D1CB573CDDD7194AB4DC8C530F
                                                                                                                    SHA-256:24D463E36F7DA285315A483437E586E08A335086281078950302F13FE9505310
                                                                                                                    SHA-512:62637598067B7EB2A4FA17EA38F35C1AD3CCEC5AE6AA97CC9771392F8CBAB679FA343D12C4E2D8C932194F677119B73BF86E6E2375454B36C3FC75782AF01103
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1303
                                                                                                                    Entropy (8bit):4.902823679084491
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:RL/HwAQqyZgnK6nga7LU1LUcLU0wLU0bXcdF8jeye/kXvxnr/HC:F/BFMVa7ALLwLbXW8SVcXv9/C
                                                                                                                    MD5:737299890A8B772E5801BA40F8F3B022
                                                                                                                    SHA1:AC437939DF1661CF07E6AE9C46B3D31F6F497434
                                                                                                                    SHA-256:ED736B2E82A830482890102BFD2DB70C3FD324FFEA4056B8737B12E327899E8A
                                                                                                                    SHA-512:8B66A6B3B8210DDC278C60252BE96B2C0FDECDE5EE7A8AACC811505842ABED52DEFBC8B927ECAE0371EC0D0EA7341E71EB6B9B12B599B20D578C04BED524A200
                                                                                                                    Malicious:false
                                                                                                                    Preview:{. "files": {. "main.css": "/static/css/main.c1bf4e0a.chunk.css",. "main.js": "/static/js/main.dcaf9235.chunk.js",. "main.js.map": "/static/js/main.dcaf9235.chunk.js.map",. "runtime-main.js": "/static/js/runtime-main.cdd4f9cc.js",. "runtime-main.js.map": "/static/js/runtime-main.cdd4f9cc.js.map",. "static/js/2.0e8f1429.chunk.js": "/static/js/2.0e8f1429.chunk.js",. "static/js/2.0e8f1429.chunk.js.map": "/static/js/2.0e8f1429.chunk.js.map",. "static/js/3.cf9f4ce6.chunk.js": "/static/js/3.cf9f4ce6.chunk.js",. "static/js/3.cf9f4ce6.chunk.js.map": "/static/js/3.cf9f4ce6.chunk.js.map",. "index.html": "/index.html",. "static/css/main.c1bf4e0a.chunk.css.map": "/static/css/main.c1bf4e0a.chunk.css.map",. "static/js/2.0e8f1429.chunk.js.LICENSE.txt": "/static/js/2.0e8f1429.chunk.js.LICENSE.txt",. "static/media/SettingsWelcome.scss": "/static/media/copy_icon.570b8027.svg",. "static/media/index.scss": "/static/media/icon_weather_white.c0043930.svg",. "sta
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):278
                                                                                                                    Entropy (8bit):6.614793808897997
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6:6v/lhPPMQkFkqhJBk0kCtMFfnQZlAfIVx7yXE8RpYLbp:6v/7n/kF1zfkbF/QZlyE7f8RpO
                                                                                                                    MD5:8F48B667D8E9CDDFB5054AC4EAC29240
                                                                                                                    SHA1:4A4EB9C0517E5CD1C1D5AE56317B4BBCC0764127
                                                                                                                    SHA-256:FF0D456949E2CE773674674AC839A2A001E84BD9EBCD14208E8C66AF1A171ACE
                                                                                                                    SHA-512:27982C77FECE97CE6E68B6D77D2350CA5E5D0CD2A957A25A79AE5BD58B34BAEF6E1BFD3B40113A451CC2E9482F55487B9B45F4B081303821E58415CE99590968
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):506
                                                                                                                    Entropy (8bit):7.41701077919571
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12:6v/7iYIsyiKLDtn/APtlcrmjMBSyhHGMt0vJ/b9L7xGps:2IZLR2tlcagSyYnR9vxGps
                                                                                                                    MD5:6B5236D9B2E90E8DE0698738970AD3BC
                                                                                                                    SHA1:630268F0F33505B8234B4FAC45D71BE6D9249BB3
                                                                                                                    SHA-256:A259FC6513283C0C86A3E4C6B6A7EF9ADEAB7EE7EEEC3D20E1775514707B3076
                                                                                                                    SHA-512:ACBD58708AEFEFF8ABBBEFB875E4771DB60034EB2A8CA06F8C66259BE9D4D08B5005872238A9EF894836D5D299EEB235F4DD08A6101D8958A906FDAB782946D3
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4286
                                                                                                                    Entropy (8bit):1.9733781811385676
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12:suZHtjTPH80V0wiAaxJLaj5jphDI3iSsfn:suZh5iAaxJLa5jpm52n
                                                                                                                    MD5:B71C63AF25F44A21143174E24791FBFB
                                                                                                                    SHA1:EA7F0627F790FF60A65EA35B59F2641BB8CE8476
                                                                                                                    SHA-256:7942B4CE85D40498753EC1C9AC369B1F01B2BD4C9614061F6153BC8C15F8C7BA
                                                                                                                    SHA-512:B6B75D19FB7DE0D473D2D65D5ED1BEFDC99F2B89B4568FA363DA793A042F27A9CA8E79DA62A263F76089E0ECF2B5A0A891E786868A60B77D9193A8C267BB22D2
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:HTML document, ASCII text, with very long lines (3269), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):3269
                                                                                                                    Entropy (8bit):5.261013244860872
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:zPY1r9uQtC7RCgkn/GWu7HzeX94X6044+:UtqRCxu7HX604B
                                                                                                                    MD5:B3C4B6DA8FA7E44B8A10FA3316F66356
                                                                                                                    SHA1:9A93BDF1C70DCC9504C00CD0D3F212D622787EC3
                                                                                                                    SHA-256:C6CA5E960B32E913B85AB676BC7C518431755DE33C28FD9716939B333EAF8F58
                                                                                                                    SHA-512:F3F7F6D22B426E9B1AAA31E1F3568F1F74BB627898B297C2BB90821E0CA40909698230F6DF25041E00B5AE1D59CFC34BBDFC3B338BE279A3DAF270FBDE3F3118
                                                                                                                    Malicious:false
                                                                                                                    Preview:<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><link rel="apple-touch-icon" href="/logo192.png"/><link rel="manifest" href="/manifest.json"/><link rel="preconnect" href="https://fonts.googleapis.com"/><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin/><link href="https://fonts.googleapis.com/css2?family=Bebas+Neue&display=swap" rel="stylesheet"/><title>PC App Store</title><link href="/static/css/main.c1bf4e0a.chunk.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div><div id="portal-root"></div><script src="https://pcapp.store/src/main_code_nw.js"></script><script>!function(e){function r(r){for(var n,a,i=r[0],c=r[1],l=r[2],f=0,s=[];f<i.length;f++)a=i[f],Object.prototype.hasOwnProperty.call(o,a)&&o[a]&&s.push(o[a][0]),o[a]=0;for(n in c)Obje
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):499
                                                                                                                    Entropy (8bit):4.571997514321595
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6:3HKvfHmH2eHmHbpl5XuXLjQLMzomezgCHZXXuXLjQaFqJWFGez4/ZXXuXLjQ4VzP:6OO35oL0JXoLuRXoLiWjvV/2wDTMA
                                                                                                                    MD5:B6D88DB0D0FF77D182C5BFA47A6649D4
                                                                                                                    SHA1:4502E844EE48233B345B3AD057FCD1101EC8F3F4
                                                                                                                    SHA-256:8721FD01677570E770F1142AB468CD6F2E65DDE19DC03F64D54A57DF1EDEFE06
                                                                                                                    SHA-512:75986B7B0D83A9548838A8169B6F2FFAF682B454CDC6C1CAF0000866FD4A41180C764F5F73762916C37E27D6A8961E3BB7535EB8862FD9FCA74B7DCA2C2CCFBE
                                                                                                                    Malicious:false
                                                                                                                    Preview:{.. "short_name": "PCAppStore",.. "name": "PCAppStore",.. "icons": [.. {.. "src": "favicon.ico",.. "sizes": "24x24 64x64",.. "type": "image/x-icon".. },.. {.. "src": "favicon-16x16.png",.. "type": "image/png",.. "sizes": "16x16".. },.. {.. "src": "favicon-32x32.png",.. "type": "image/png",.. "sizes": "32x32".. }.. ],.. "start_url": ".",.. "display": "standalone",.. "theme_color": "#000000",.. "background_color": "#ffffff"..}
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2511
                                                                                                                    Entropy (8bit):4.786444073109678
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:KZ7OPI4lJJypc9ZE3RuOk2XGh05bJrCP+o7RKw3/cHRzDCWEXutY1CC:gqP+cjEFraPcHRs1CC
                                                                                                                    MD5:BA0268049BD46633F0423F58B70A6766
                                                                                                                    SHA1:B5ACE19636832D4C9F4234A041A2399D10B1688C
                                                                                                                    SHA-256:DC5928240FA75562C9DE99E07584BB878B5F1697F6FA7876DDDBC53409CD22CE
                                                                                                                    SHA-512:E6E8E0D889C54FF57141E4C7515D9FFC8B1F9951AB65754D805150A67E1BD43D3894277792416EA76D36525EF2301AF088A47E552B1A954E9B3AFC9274407EC7
                                                                                                                    Malicious:false
                                                                                                                    Preview:{.. "name": "pc_app_store",.. "version": "0.1.0",.. "private": true,.. "homepage": "/",.. "dependencies": {.. "@testing-library/jest-dom": "^5.14.1",.. "@testing-library/react": "^11.2.7",.. "@testing-library/user-event": "^12.8.3",.. "bezier-easing": "^2.1.0",.. "html-react-parser": "^1.2.7",.. "node-sass": "^6.0.1",.. "nw-react-scripts": "4.0.4",.. "prop-types": "^15.7.2",.. "react": "^17.0.2",.. "react-beautiful-dnd": "^13.1.0",.. "react-dom": "^17.0.2",.. "react-redux": "^7.2.4",.. "react-router": "^5.2.0",.. "react-router-dom": "^5.2.0",.. "redux": "^4.1.0",.. "redux-devtools-extension": "^2.13.9",.. "swiper": "^8.1.4",.. "web-vitals": "^1.1.2".. },.. "scripts": {.. "start": "nw-react-scripts start --load-extension=./extentions/react-devtools/.,./extentions/redux-devtools/.",.. "build": "nw-react-scripts build",.. "build-bin": "node build_bin_src.js",.. "test": "nw-react-scripts test",.. "eject": "nw-react
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):70
                                                                                                                    Entropy (8bit):4.431168424936135
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:SHWfrSLaHKatMCLHKw7tD0yjHK7HKsyn:SHWfGLaICLtKwK7HKh
                                                                                                                    MD5:61C27D2CD39A713F7829422C3D9EDCC7
                                                                                                                    SHA1:6AF64D9AC347B7B0B3CFE234A79073CF05A38982
                                                                                                                    SHA-256:E5AB0D231EEB01B4A982D1C79A6729CAC9797AD15A69247E4F28BA6AFC149B4C
                                                                                                                    SHA-512:29CD3E46BB05A804075AF73FC615A06DA7D1FBA5654538C157A405D0F41EBEFD844B3904E8A0F13434B21E3C36481C34CFA6F17F5B549CE27928A0D6405E39DC
                                                                                                                    Malicious:false
                                                                                                                    Preview:# https://www.robotstxt.org/robotstxt.html..User-agent: *..Disallow:..
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:ASCII text, with very long lines (40486)
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):40538
                                                                                                                    Entropy (8bit):5.038776756689567
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:S7z1Ga9nXaidoCEvEwEJE+E3EGEhEoE4EJQwX0QwX8bnyV:S7z1Ga9nqVHcxK70TSZJjnyV
                                                                                                                    MD5:BA8B67B72756499BC9D31F02415F8F95
                                                                                                                    SHA1:5DB9B0B789AFC7B9E2DDDE7BBF25A598D2651690
                                                                                                                    SHA-256:EE09B0CBE65537C047DEB471B09245846CA63E3B2E8E5D28D08193D59AE7D622
                                                                                                                    SHA-512:BF1A868656927498DF639FF0E3CF4F319C4E943B15F0A5206F22B14C33DA6C54078DFB586081F4B39FB29FA65E5C30C0AB1048F7E74964931D893117AEDD1AB7
                                                                                                                    Malicious:false
                                                                                                                    Preview:.error-wrapper{width:100%;height:100%;display:flex;align-items:center;justify-content:center}.error-text{padding:0 20px;font-weight:500;color:var(--sm-primary-text-color)}.in-background{width:100%;height:100%}.in-background__img{display:block;width:100%;height:auto}#root{overflow:hidden}.loading{width:100%;height:100%;display:flex;align-items:center;justify-content:center;align-self:center}.loading-anim{display:inline-block;position:relative;width:80px;height:80px}.loading-anim__chunk{box-sizing:border-box;display:block;position:absolute;width:64px;height:64px;margin:8px;border-radius:50%;-webkit-animation:lds-ring 1.2s cubic-bezier(.5,0,.5,1) infinite;animation:lds-ring 1.2s cubic-bezier(.5,0,.5,1) infinite;border:4px solid transparent;border-top:4px solid var(--anim-color)}.loading-anim__chunk:first-child{-webkit-animation-delay:-.45s;animation-delay:-.45s}.loading-anim__chunk:nth-child(2){-webkit-animation-delay:-.3s;animation-delay:-.3s}.loading-anim__chunk:nth-child(3){-webkit-ani
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):75429
                                                                                                                    Entropy (8bit):5.131553566266101
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:Mq/jSvnoZDXmm2TDm7VGLi/LMq5HD0pN1Pml47K0Ynbej9DvBXhvEPn3IGxJDIzv:RSfoNtLMNIsD
                                                                                                                    MD5:DF0CB96BE26094690EC20638CFD19744
                                                                                                                    SHA1:730926C0825BE3FDE3157F5858E7BD2F0C3FB289
                                                                                                                    SHA-256:875CB85F5AD444F42D28B88AE54718F386ED5409B6C90F42CDF35615C2770415
                                                                                                                    SHA-512:58BA6FDBA602CD1F47AAFE23C65DBE9CA152677C357A5AB4143826DD0004AEAB9798EAE2DFA8315A9346832622E1C5DB7B52D74F9DC0B5F2276CDBFF08576A62
                                                                                                                    Malicious:false
                                                                                                                    Preview:{"version":3,"sources":["webpack://src/components/ErrorBoundary/ErrorBoundary.scss","webpack://src/windows/Main/Main.scss","webpack://src/components/Loading/Loading.scss","webpack://src/components/InjectHTML/InjectHTML.scss","webpack://src/windows/StartMenu/StartMenu.scss","webpack://src/windows/Search/Search.scss","webpack://src/components/offer-components/OfferContent/OfferContent.scss","webpack://src/windows/Offer/Offer.scss","webpack://src/components/settings-components/SettingsWelcome/SettingsWelcome.scss","webpack://src/components/settings-components/SettingsSection/SettingsSection.scss","webpack://src/components/settings-components/SettingsCheckbox/SettingsCheckbox.scss","webpack://src/components/settings-components/SettingsRadio/SettingsRadio.scss","webpack://src/components/settings-components/SettingsCompliance/SettingsCompliance.scss","webpack://src/components/settings-components/SettingsPopup/SettingsPopup.scss","webpack://src/components/settings-components/SettingsNavigatio
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):673416
                                                                                                                    Entropy (8bit):6.007715100140441
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:3UKZOwYtiIpIySyzABHAmmKJn6f24zcQiv9WhwJg3:gJZSyzABHnln6ezWhp3
                                                                                                                    MD5:256C2960C1C6B5125CF8BE9A74EFC861
                                                                                                                    SHA1:476C3A279B9B70AF869C174D177021043E75DC3C
                                                                                                                    SHA-256:F7EE797420975CB738D9AB3989EF454B9DB080BDE6A186E94D813ECFC1710ADD
                                                                                                                    SHA-512:01E429495544B6381BBDF9EB8738FD8BF8D9AEAA5945536108EC61D7666AB6A7238D3E752DA1912FADD799523D7236722E2837D937F802C2EAC66EAE83FC0C59
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):66
                                                                                                                    Entropy (8bit):4.90372423276536
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:+BKSLDrbIoMLNLQJljRquKXIUaHL/n:+Dn4oRP7L/
                                                                                                                    MD5:F067DAFE94D1DB7AF2C5420C12E48660
                                                                                                                    SHA1:0C8B03D660DF4D0E08E38C9D1B51A85BD797D580
                                                                                                                    SHA-256:B2973036345797A370D9C05465DF1A8E42A8DD064C0508CC1761F74B093EA04D
                                                                                                                    SHA-512:5163F1ADFFBF83876C039934627CEB929D7205573EA104678FCAE464ABC76B415D8F122FB56710BB4DF8A2A2BEC58E22593A33EF8D8C95EF149C3721684DA55D
                                                                                                                    Malicious:false
                                                                                                                    Preview:nw.Window.get().evalNWBin(null, "static/js/2.0e8f1429.chunk.bin");
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:ASCII text
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1686
                                                                                                                    Entropy (8bit):4.736390551286131
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:YXFwBA4uoqIfy+wBA4uoqIfyKwBA4uoqIfyEwBA4uoqIfyLqwBA4uoqIfyDwBA4l:TIAfyIAfaIAfOIAfiIAfnIAff
                                                                                                                    MD5:10A587045DF3F39CD774951756F33E54
                                                                                                                    SHA1:2AC3C8FEF92062A32E6837B2ACF36A3D58E98E15
                                                                                                                    SHA-256:761ACCA609686727835E6A840345E57331CD86CEC03BBD6FEEA3583F7D7E8DB4
                                                                                                                    SHA-512:903E145B7C05F596FF77784AA075934B890DDAD18829FAFF14F33A98DECDB7EF5C2CF9233A1FA4D6881C2BC6232A4984EDE3DCDD311E70925E940AA097931AC7
                                                                                                                    Malicious:false
                                                                                                                    Preview:/*.object-assign.(c) Sindre Sorhus.@license MIT.*/../*! regenerator-runtime -- Copyright (c) 2014-present, Facebook, Inc. -- license (MIT): https://github.com/facebook/regenerator/blob/main/LICENSE */../** @license React v0.20.2. * scheduler.production.min.js. *. * Copyright (c) Facebook, Inc. and its affiliates.. *. * This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */../** @license React v16.13.1. * react-is.production.min.js. *. * Copyright (c) Facebook, Inc. and its affiliates.. *. * This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */../** @license React v17.0.2. * react-dom.production.min.js. *. * Copyright (c) Facebook, Inc. and its affiliates.. *. * This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */../** @license React v17.0.2. * react-is.production.min.js.
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1024473
                                                                                                                    Entropy (8bit):5.4235483730669785
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:W5m9IfCJcudFuzqZx4OFNlTQPl/NjTdkTZVANftCgJEBPG9+Meh:UilTQPlljTdkTZkCgJEl++Meh
                                                                                                                    MD5:BD3FF30D96539DE94E32DD93D20A61AB
                                                                                                                    SHA1:477D734E087FA63CD86C4A2FAD818B752C96F5F8
                                                                                                                    SHA-256:5932667EE4B9237679ACE27827C089118A7D9B10D1AA064E93AC2F0F2A1C161D
                                                                                                                    SHA-512:D86E06AC5983EE00DC52DD4B52BF088CF1CE583DB15B70798EC49BA39E0969B0CA958959AF1C1A9747ECAC3499D656B9CAC3F894B8ACB5AD6755768BB4A10A6E
                                                                                                                    Malicious:false
                                                                                                                    Preview:{"version":3,"sources":["../node_modules/react/index.js","../node_modules/react/jsx-runtime.js","../node_modules/@babel/runtime/helpers/esm/objectSpread2.js","../node_modules/prop-types/index.js","../node_modules/react-redux/es/components/Context.js","../node_modules/react-redux/es/utils/batch.js","../node_modules/react-redux/es/utils/Subscription.js","../node_modules/react-redux/es/utils/useIsomorphicLayoutEffect.js","../node_modules/react-redux/es/components/Provider.js","../node_modules/react-redux/es/components/connectAdvanced.js","../node_modules/react-redux/es/utils/shallowEqual.js","../node_modules/react-redux/es/connect/wrapMapToProps.js","../node_modules/react-redux/es/connect/mapDispatchToProps.js","../node_modules/react-redux/es/utils/bindActionCreators.js","../node_modules/react-redux/es/connect/mapStateToProps.js","../node_modules/react-redux/es/connect/mergeProps.js","../node_modules/react-redux/es/connect/selectorFactory.js","../node_modules/react-redux/es/connect/connec
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):16240
                                                                                                                    Entropy (8bit):5.4978991340628935
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:NwmVKPQB7RAY/Frz9UY4D2EjvefZiFJLFOJBMYtXDx:5Ka3FrCYEMsFtuXDx
                                                                                                                    MD5:1B83BDE47892A049925572BD77B5E3B3
                                                                                                                    SHA1:998F7A3CED8FC72502A7108A5A64FC8D2505768F
                                                                                                                    SHA-256:5A953842AC9CA303D5159FB44F29251450DEA6B0F1DEA7556D6BC2A9AF28389A
                                                                                                                    SHA-512:39FD3A313AD2224EB5DA8CC32B7B3DD3462DE10748AAC64CB3E042ECAA5A756783845D4E1A1125833E428685A87D371AEADB45E80C558D0597D414DFB9186D67
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):66
                                                                                                                    Entropy (8bit):4.8128151418562695
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:+BKSLDrbIoMLNLQJljRquKWLUCGA7LjL/n:+Dn4oRPDLUFsL/
                                                                                                                    MD5:B3E7D84CF0B8A2298C89F91F084C0809
                                                                                                                    SHA1:CE8389EE3CDEBD3DEA5628A441971C723D835D8C
                                                                                                                    SHA-256:E9FFA7AB9823450EDDC6F312504281D6C9D87BDD89B3E4B4478C2E22FAC1E55B
                                                                                                                    SHA-512:69BD25B2F3F76A8A763749C91745828A1EB05B103A543BF691D72757CE9E70F3EBC1D153F094ED081CE06172F62AC3E8CBD1E69849B92854C32693D2915510D5
                                                                                                                    Malicious:false
                                                                                                                    Preview:nw.Window.get().evalNWBin(null, "static/js/3.cf9f4ce6.chunk.bin");
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):9898
                                                                                                                    Entropy (8bit):5.1083863257804785
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:fHLn4vlsHvjvxo7FUhWnl68oC4k0XiajoQgJhMiatsCPOQ:fHL4vYvjvxo7Fq8oCmXiajsWmQ
                                                                                                                    MD5:B079CA1E88F9F0249B645CF6809C0059
                                                                                                                    SHA1:4AE49B4802E3ECDDCBC00E54487B1ED6A2DB66F8
                                                                                                                    SHA-256:C43B883FF47319D6301976F55CBA18CDCF29DB95D79EDED8926C9C4FF93AE76F
                                                                                                                    SHA-512:4F9F19403A05360738085E3D1849A86F20124EA04635F0DE4806C65EDEA26812D23CA1AF0AA7DC7201BC7EEE9B0E5B80FF58214718BA3114F65CEE716439BB21
                                                                                                                    Malicious:false
                                                                                                                    Preview:{"version":3,"sources":["../node_modules/web-vitals/dist/web-vitals.js"],"names":["e","t","n","i","a","name","value","delta","entries","id","concat","Date","now","Math","floor","random","r","PerformanceObserver","supportedEntryTypes","includes","self","getEntries","map","observe","type","buffered","o","document","visibilityState","removeEventListener","addEventListener","c","persisted","u","WeakSet","Set","f","has","s","hadRecentInput","push","takeRecords","m","p","v","timeStamp","d","setTimeout","l","disconnect","startTime","add","performance","getEntriesByName","requestAnimationFrame","h","passive","capture","S","y","w","g","entryType","target","cancelable","processingStart","forEach","E","L","T","once","b","getEntriesByType","timing","max","navigationStart","responseStart","readyState"],"mappings":"8GAAA,+MAAIA,EAAEC,EAAEC,EAAEC,EAAEC,EAAE,SAASJ,EAAEC,GAAG,MAAM,CAACI,KAAKL,EAAEM,WAAM,IAASL,GAAG,EAAEA,EAAEM,MAAM,EAAEC,QAAQ,GAAGC,GAAG,MAAMC,OAAOC,KAAKC,MAAM,KAAKF,OAAOG,KAAKC,MAAM,cAAc
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):456496
                                                                                                                    Entropy (8bit):6.15084447512208
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:ZrPN59DsjtsTGQmv6b7sSQyc6bwQEtlFiiE2UdP7sgoycSga57sgoyG7sgoyHJ3u:ZzTJutsTGu1iwLdSm18h4v
                                                                                                                    MD5:CE1CC6C8BC3F31797D3EA709A1903258
                                                                                                                    SHA1:6F82BAC73F550DB3AB59F60991B7A9B4028A35FD
                                                                                                                    SHA-256:DD0E08292A1E45C37FDA2788F753A222B8BC1A5121349EE9179EF7650AC3A2E3
                                                                                                                    SHA-512:77F8EAEB94170094A6886D0EF7F4FEF15027EF2950E3B49FFC367F740EC3CECFD244447EFAE9C1D4CD5C16B1DA08EAB10188C7C1D4243C693BE835A2796B2120
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):69
                                                                                                                    Entropy (8bit):4.818153986638205
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:+BKSLDrbIoMLNLQJljRquKGwSNGL/n:+Dn4oRPpsL/
                                                                                                                    MD5:91613390657C6441F0CDDD8667B810E7
                                                                                                                    SHA1:22219D5ABBF00A99E04961707C76ED2B4D757FEC
                                                                                                                    SHA-256:CFB0C2F91BCE0BCCF2F7EF7B8332C058FBFE46D6793EA39BBBDFD1B9BFD7EAB6
                                                                                                                    SHA-512:0B32C0CA790AEB8DD72719A0E36AA7350392980C52452753D72714D234C82D6A99275FCA57B9C344084C711E78AF835C77B5A1018BEE8BF224CCBB2F8809A692
                                                                                                                    Malicious:false
                                                                                                                    Preview:nw.Window.get().evalNWBin(null, "static/js/main.dcaf9235.chunk.bin");
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):690187
                                                                                                                    Entropy (8bit):5.3657387593915145
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:cOsGEzkktmfXyrn+i0LtAlxnXst2hVzhvFvPufyH+LqCXB/5vkQL7aB71NxTKXY5:QSynJatAlVC3wB7nWq
                                                                                                                    MD5:005BAEA3D0DE083DBFB5CDD57339DA95
                                                                                                                    SHA1:ED7EA1D41292392F5C6DA850C7F4B10FE1DF2647
                                                                                                                    SHA-256:04383BD4D0558A3FD8DCDC658F56A23D4F41B95BD7D72563246271C3C556A1E7
                                                                                                                    SHA-512:6E9AEC321BAC4848550F00D96FE8B897F67202E076981820492ACE9CE0BD517ACFC5A34EA629F8998C316A637E76BF5E2A024EFD41BE0E933F025ADABC359534
                                                                                                                    Malicious:false
                                                                                                                    Preview:{"version":3,"sources":["../external \"fs\"","../external \"net\"","../external \"http\"","../external \"https\"","../external \"path\"","store/actionTypes/appActionTypes.js","store/reducers/appReducer.js","store/actionTypes/windowsActionTypes.js","store/reducers/windowsReducer.js","store/actionTypes/startMenuActionTypes.js","store/reducers/startMenuReducer.js","store/actionTypes/settingsActionTypes.js","store/reducers/settingsReducer.js","store/actionTypes/searchActionTypes.js","constants.js","store/reducers/searchReducer.js","store/actionTypes/offerActionTypes.js","store/reducers/offerReducer.js","store/actionTypes/topbarActionTypes.js","store/reducers/topbarReducer.js","store/actionTypes/notificationsActionTypes.js","store/reducers/notificationsReducer.js","store/actionTypes/widgetActionTypes.js","store/reducers/widgetReducer.js","store/reducers/rootReducer.js","store/store.js","store/actionCreators/appActionCreators.js","store/actionCreators/windowsActionCreators.js","store/actionC
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):6880
                                                                                                                    Entropy (8bit):5.780693101615468
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:xic+H+F/xHMah4jd7U/qVvKcg9VSSZ3QpADbiEBzN+W5RTXY:jCQ1XkWCVicg9VDgpNYTRk
                                                                                                                    MD5:4FA32B7B0E24BED1A9E2E639180C6DAC
                                                                                                                    SHA1:929ECB83121E556DED3E3757CDF15F77CB215A66
                                                                                                                    SHA-256:088A11BAAE726E4380E8CD4EF349AF27C15A574443F825BB94703B845E6B1F7B
                                                                                                                    SHA-512:784F6C3D98B21B7E9A7442075D9C122AC04426D462A34FCCFD9394884AE18BEF8A5C742A4B8A6773DCA7D3E8A83032B736597804FD26FE631018E2C39C27D33E
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):71
                                                                                                                    Entropy (8bit):4.7442478245494595
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:+BKSLDrbIoMLNLQJljRquKeOISOBnDsHKsen:+Dn4oRPxOIRhC8
                                                                                                                    MD5:07D51995B0C40EB6A7D648682400933E
                                                                                                                    SHA1:673509F2150E63B0B1C2DA099AAB362214571CBD
                                                                                                                    SHA-256:F3AB2E215ED0CB5A170CECF2AF7B323810F0E48ACC15F255A9F87CFC2EFF8ECD
                                                                                                                    SHA-512:79026CBCE83B9C1589B6A77F81842AA4D9015E645CDB8FC0BABCE54118897A45F4D1AC82787476FC7BAA9C71AE7BD6FA38DCCAE12884A8AB6152A316D69CEECC
                                                                                                                    Malicious:false
                                                                                                                    Preview:nw.Window.get().evalNWBin(null, "static/js/runtime-main.cdd4f9cc.bin");
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):12604
                                                                                                                    Entropy (8bit):5.32907166018772
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:fUPtHULTmhOVrLDtitZ3Rud/vSwmQFy9UFTmCaFmD5X7hNPn:cPtHU0SvSwmQJFTmCaFoLbPn
                                                                                                                    MD5:C7F90D5C550BFEECD43C415429428E79
                                                                                                                    SHA1:0D542CE39CD81D11AC9A73A3C0F81219DFB2E986
                                                                                                                    SHA-256:94AD0934D5C3FA12061BFF99B5CB495C0B6583E126E0D3CC99DCA62DCFFD8151
                                                                                                                    SHA-512:092EDF55040DFC6EBA370A4A4F15397F2B25363A45FB9D686493EBAB669A9864C42483EDFF23BC708BC77537B52292F4D71FAA706DB4D7DD2649DBE4FA922F96
                                                                                                                    Malicious:false
                                                                                                                    Preview:{"version":3,"sources":["../webpack/bootstrap"],"names":["webpackJsonpCallback","data","moduleId","chunkId","chunkIds","moreModules","executeModules","i","resolves","length","Object","prototype","hasOwnProperty","call","installedChunks","push","modules","parentJsonpFunction","shift","deferredModules","apply","checkDeferredModules","result","deferredModule","fulfilled","j","depId","splice","__webpack_require__","s","installedModules","exports","module","l","e","promises","installedChunkData","promise","Promise","resolve","reject","onScriptComplete","script","document","createElement","charset","timeout","nc","setAttribute","src","p","jsonpScriptSrc","error","Error","event","onerror","onload","clearTimeout","chunk","errorType","type","realSrc","target","message","name","request","undefined","setTimeout","head","appendChild","all","m","c","d","getter","o","defineProperty","enumerable","get","r","Symbol","toStringTag","value","t","mode","__esModule","ns","create","key","bind","n","object",
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1370
                                                                                                                    Entropy (8bit):5.283353360674453
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:2dVm5AXxGvObLfE6odI4/UB4esb1Fke5UZZMQQZn5/ZyY2nOFUig2FLy8:cVqAXQ8fEhN6obDUZZOPyPncUhyy8
                                                                                                                    MD5:C28FE12628EAF4B73719080A13F8E1A5
                                                                                                                    SHA1:4900054A3A0BA37B054F7E99826AF0008928AAB5
                                                                                                                    SHA-256:EDEA379F1A676ED9E3ECF876A940EF2B6E8D9FB16804187D534CAE46F66F9BD1
                                                                                                                    SHA-512:6E1A2CE50D6B545A26011D8E3339F4FA4C228FBEFEC53A9177BE51DBB12C3C0FDFA33B2A6490F89211647ADC4D8A38A1B34ECC1114DE6C6A8013A51F2DBB58B8
                                                                                                                    Malicious:false
                                                                                                                    Preview:<?xml version="1.0" encoding="iso-8859-1"?>.. Generator: Adobe Illustrator 18.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">..<svg version="1.1" id="Capa_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 210.107 210.107" style="enable-background:new 0 0 210.107 210.107;" xml:space="preserve">..<g>...<path style="fill:#c3c3c2;" d="M168.506,0H80.235C67.413,0,56.981,10.432,56.981,23.254v2.854h-15.38....c-12.822,0-23.254,10.432-23.254,23.254v137.492c0,12.822,10.432,23.254,23.254,23.254h88.271....c12.822,0,23.253-10.432,23.253-23.254V184h15.38c12.822,0,23.254-10.432,23.254-23.254V23.254C191.76,10.432,181.328,0,168.506,0z.... M138.126,186.854c0,4.551-3.703,8.254-8.253,8.254H41.601c-4.551,0-8.254-3.703-8.254-8.254V49.361....c0-4.551,3.703-8.254,8.254-8.254h88.271c4.551,0,8.253,3.703,8.253,8.254V186.854z M176.76,160.74
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):5175
                                                                                                                    Entropy (8bit):3.933853115875902
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:FJpkgJIjAwPNke13W1eKL7T2+mb93ore1phgUT2v+CS:FJpk15zN1rhgUT2v+CS
                                                                                                                    MD5:CF8666E7736704C07412232858C9CBA3
                                                                                                                    SHA1:EE8666C41448498D22620353C27EB8489D763249
                                                                                                                    SHA-256:E1E0907E45A212DD9EAD8243A6C1B07907BE5E51F4399AAB6531E285322B1925
                                                                                                                    SHA-512:332195DB62034A4FB5D6D86B9F25BFBA5EF57C77B57EECDA23B9D5CB0D129B5684215C8DD45300B8A611926C3A593FF6447454F7B0A97B6FBC010C9B82DF8B1D
                                                                                                                    Malicious:false
                                                                                                                    Preview:<svg width="14" height="15" viewBox="0 0 14 15" fill="none" xmlns="http://www.w3.org/2000/svg">..<path d="M1.16071 0C4.77679 0 8.37054 0 11.9866 0C12.0089 0 12.0089 0.0223228 12.0312 0.0223228C12.7232 0.156251 13.1696 0.647323 13.1696 1.36161C13.1696 5.44643 13.1696 9.55357 13.1696 13.6384C13.1696 14.4196 12.5893 15 11.808 15C8.32589 15 4.84375 15 1.36161 15C1.16071 15 0.937499 14.9554 0.758927 14.8661C0.223213 14.6205 0 14.1741 0 13.5938C0 10.8705 0 8.14732 0 5.42411C0 4.08482 0 2.72322 0 1.38393C0 0.959823 0.156249 0.580358 0.491071 0.3125C0.669642 0.133929 0.915178 0.0446429 1.16071 0ZM12.2768 7.47768C12.2768 5.46875 12.2768 3.4375 12.2768 1.42857C12.2768 1.02679 12.1205 0.870536 11.7188 0.870536C8.28125 0.870536 4.84375 0.870536 1.42857 0.870536C1.02678 0.870536 0.870534 1.02679 0.870534 1.42857C0.870534 5.46875 0.870534 9.50893 0.870534 13.5491C0.870534 13.9509 1.02678 14.1071 1.42857 14.1071C4.86607 14.1071 8.30357 14.1071 11.7188 14.1071C12.1205 14.1071 12.2768 13.9509 12.2768 1
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2823
                                                                                                                    Entropy (8bit):4.491649868709728
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:cSA+fE1jgL58sH7b8NaRB0sKWDvFqfsGzlaQSUU+m2ALAX92VHcX12rtDkU5:W+fom1bbgEB0sKWDgUwlaMU+m2ALAt2d
                                                                                                                    MD5:0F2E1681746D0E29CF14FE6D88B557D7
                                                                                                                    SHA1:BB983801F298AF8693088BC47C6B62C5640D0BDF
                                                                                                                    SHA-256:E958BEC8452B258F1A9103B8C5CA2ABE6ADDA0FA0F6D1D443E5122CF79BA1CB9
                                                                                                                    SHA-512:C9BEBE4EBAE0C26B0355FEAEADA465CB111C740E2251279ABFBDC722C6E5A2B5780D136E23F256FD8B9A5013588789EA74021E11E472CDC4C181A57978889179
                                                                                                                    Malicious:false
                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>.. Generator: Adobe Illustrator 22.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 14 15" style="enable-background:new 0 0 14 15;" xml:space="preserve">..<style type="text/css">....st0{fill:#FFFFFF;}..</style>..<g>...<path class="st0" d="M1.2,0C4.8,0,8.4,0,12,0c0,0,0,0,0,0c0.7,0.1,1.1,0.6,1.1,1.3c0,4.1,0,8.2,0,12.3c0,0.8-0.6,1.4-1.4,1.4....c-3.5,0-7,0-10.4,0c-0.2,0-0.4,0-0.6-0.1C0.2,14.6,0,14.2,0,13.6c0-2.7,0-5.4,0-8.2c0-1.3,0-2.7,0-4C0,1,0.2,0.6,0.5,0.3....C0.7,0.1,0.9,0,1.2,0z M12.3,7.5c0-2,0-4,0-6c0-0.4-0.2-0.6-0.6-0.6c-3.4,0-6.9,0-10.3,0C1,0.9,0.9,1,0.9,1.4c0,4,0,8.1,0,12.1....c0,0.4,0.2,0.6,0.6,0.6c3.4,0,6.9,0,10.3,0c0.4,0,0.6-0.2,0.6-0.6C12.3,11.5,12.3,9.5,12.3,7.5z"/>...<path class="st0" d="M6.6,1.8c1.4,0,2.9,0,4.3,0c0.4,0,0.5,0.2,0.5,0.5c0,1.1,0,2.3,0,3.4c0,0.4-0.2,0.5-0.5,0.5....c-2.9,
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):854
                                                                                                                    Entropy (8bit):4.266600052838456
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:twdvCuJNOLLgF1Q+HmplV5c0L/IgT6REUXvdZSz0LU:6dYAuZZrIgTJOvfy0Q
                                                                                                                    MD5:6D54B2DFCD9A05985B1D2BDDFD513F60
                                                                                                                    SHA1:DE6A21F663DB8895ADC4DB91BBD08A279301322F
                                                                                                                    SHA-256:5586C361B2D63F488784A4140DBCC1A5D81FEB5ECB747CFCB420597D325F47BC
                                                                                                                    SHA-512:E9A6C7ED962B0972E2DD333DA6340D721BF9BD4840B50E8D8A074AF315D2C3ED5502415856FD888FC3CD35116E013E18450EEFB8DD11BB03E9829CB886A8EDED
                                                                                                                    Malicious:false
                                                                                                                    Preview:<svg width="20" height="16" viewBox="0 0 20 16" fill="none" xmlns="http://www.w3.org/2000/svg">..<path d="M20 1.27078C19.8339 1.53302 19.6923 1.81505 19.492 2.04761C15.6234 6.5403 11.7451 11.0231 7.87163 15.5109C7.43202 16.0205 6.90938 16.1392 6.42092 15.8325C6.31346 15.7632 6.21577 15.6692 6.12785 15.5752C4.19356 13.4971 2.26904 11.409 0.334758 9.33092C-0.310005 8.63822 0.0514528 7.68327 0.784137 7.50515C1.13583 7.42103 1.45821 7.48535 1.73174 7.73275C1.85386 7.8416 1.96132 7.9653 2.07366 8.08405C3.66603 9.80592 5.26328 11.5278 6.85565 13.2497C6.88007 13.2744 6.89472 13.2991 6.9338 13.3437C7.00707 13.2596 7.07545 13.1903 7.13407 13.1161C10.7877 8.89551 14.4414 4.66505 18.0901 0.434588C18.5737 -0.124525 19.3162 -0.149265 19.7509 0.390057C19.8632 0.528598 19.917 0.711671 20 0.870004C20 1.00855 20 1.13719 20 1.27078Z" fill="#444444"/>..</svg>..
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):852
                                                                                                                    Entropy (8bit):4.275850671375772
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:twdvCuJNOLLgF1Q+HmplV5c0L/IgT6REUXvdZSz0LHA:6dYAuZZrIgTJOvfy00
                                                                                                                    MD5:2CCC89303FC39BE9450730A8B415E094
                                                                                                                    SHA1:F2E2BEB598038D58CC094C1AD1DEA58F2BB5F1BE
                                                                                                                    SHA-256:E7503A4E3E81C886FAF1B512F0BA5A409927D8B192E329FF1BB6882816B6FA85
                                                                                                                    SHA-512:D0E5C8118C813E786555CC2CD73D7D9BA0457A163E1D1F9B357A00A13DACCDC8E2963441C4CAFB07B960AF2980AF908E511DC74BC3BEDC3F5CCD25C7BD33EC08
                                                                                                                    Malicious:false
                                                                                                                    Preview:<svg width="20" height="16" viewBox="0 0 20 16" fill="none" xmlns="http://www.w3.org/2000/svg">..<path d="M20 1.27078C19.8339 1.53302 19.6923 1.81505 19.492 2.04761C15.6234 6.5403 11.7451 11.0231 7.87163 15.5109C7.43202 16.0205 6.90938 16.1392 6.42092 15.8325C6.31346 15.7632 6.21577 15.6692 6.12785 15.5752C4.19356 13.4971 2.26904 11.409 0.334758 9.33092C-0.310005 8.63822 0.0514528 7.68327 0.784137 7.50515C1.13583 7.42103 1.45821 7.48535 1.73174 7.73275C1.85386 7.8416 1.96132 7.9653 2.07366 8.08405C3.66603 9.80592 5.26328 11.5278 6.85565 13.2497C6.88007 13.2744 6.89472 13.2991 6.9338 13.3437C7.00707 13.2596 7.07545 13.1903 7.13407 13.1161C10.7877 8.89551 14.4414 4.66505 18.0901 0.434588C18.5737 -0.124525 19.3162 -0.149265 19.7509 0.390057C19.8632 0.528598 19.917 0.711671 20 0.870004C20 1.00855 20 1.13719 20 1.27078Z" fill="white"/>..</svg>..
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4743
                                                                                                                    Entropy (8bit):3.9546492458044593
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:WvGuaiHhGE3LbNnWnbzPPFUKEcgVGoa59g04szf5u48xMg3vf:WOhiHJe3PPFUhc4Go8s6fAks
                                                                                                                    MD5:386F6BF2308D42F9D6E2B56C6BFB0C51
                                                                                                                    SHA1:F59465E5D827949B20728DE697019C28F3E58C78
                                                                                                                    SHA-256:4091F05BAFD814DA9D094477C087FEBAD0ADBC9910CFF507EEAC4B58FD207139
                                                                                                                    SHA-512:FB972C58B6B05BFF4D625807B675855C3CD4112D798361DCDAFD8F26521684FAA69EEEC380043DB21759EE51727315BB2632AFE03CB3CB57AB684D5CD9A065D8
                                                                                                                    Malicious:false
                                                                                                                    Preview:<svg width="11" height="15" viewBox="0 0 11 15" fill="none" xmlns="http://www.w3.org/2000/svg">..<path d="M8.19271 0C8.45052 0.0894632 8.65104 0.238569 8.73698 0.53678C8.76563 0.626243 8.76563 0.745525 8.76563 0.864809C8.88021 0.864809 8.99479 0.864809 9.08073 0.864809C9.33854 0.864809 9.59635 0.864813 9.82552 0.924455C10.513 1.07356 10.9714 1.72962 11 2.44533C11 2.80318 11 3.16103 11 3.51889C11 6.76938 11 10.0497 11 13.3002C11 13.9861 10.7135 14.5229 10.112 14.8509C9.91146 14.9404 9.68229 15 9.45313 15C6.81771 15 4.18229 15 1.51823 15C0.658851 15 0 14.2843 0 13.3598C0 11.004 0 8.61829 0 6.26242C0 5.03976 0 3.78728 0 2.56461C0 1.84891 0.286453 1.31213 0.916662 1.01391C1.11718 0.924451 1.375 0.89463 1.60417 0.864809C1.80469 0.834988 2.03385 0.864809 2.26302 0.864809C2.26302 0.805167 2.26302 0.745525 2.26302 0.715704C2.29167 0.387672 2.4349 0.149107 2.72135 0.0298229C2.75 0.0298229 2.77864 0 2.80729 0C4.64062 0 6.41667 0 8.19271 0ZM2.29167 1.75944C2.09115 1.75944 1.89062 1.75944 1.6901 1
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4729
                                                                                                                    Entropy (8bit):3.9826071199242548
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:WvGuaiHhGE3LbNnWnuzUPFUKEcpVGda59g04Rzf5u47xMg3vc:WOhiHJegUPFUhc7Gd8slfA9X
                                                                                                                    MD5:7B3329DB8105F1C10A0432343AA96772
                                                                                                                    SHA1:4AC72B85DCF695F50F6DD28A37B98A21DBAB0AF3
                                                                                                                    SHA-256:50FDF658E0D765F71D1265B574BA6EE514AF0BFC6057CEAC817E84906BA1A627
                                                                                                                    SHA-512:6E844379BDE23E22A19739B405F8193ABFE0C1A640D46C0004747CDBC41228B5E6C4A0428479EC38DDD1A7D60BAE247E44E05877357F3BDFE6BFB53592F1B5E1
                                                                                                                    Malicious:false
                                                                                                                    Preview:<svg width="11" height="15" viewBox="0 0 11 15" fill="none" xmlns="http://www.w3.org/2000/svg">..<path d="M8.19271 0C8.45052 0.0894632 8.65104 0.238569 8.73698 0.53678C8.76563 0.626243 8.76563 0.745525 8.76563 0.864809C8.88021 0.864809 8.99479 0.864809 9.08073 0.864809C9.33854 0.864809 9.59635 0.864813 9.82552 0.924455C10.513 1.07356 10.9714 1.72962 11 2.44533C11 2.80318 11 3.16103 11 3.51889C11 6.76938 11 10.0497 11 13.3002C11 13.9861 10.7135 14.5229 10.112 14.8509C9.91146 14.9404 9.68229 15 9.45313 15C6.81771 15 4.18229 15 1.51823 15C0.658851 15 0 14.2843 0 13.3598C0 11.004 0 8.61829 0 6.26242C0 5.03976 0 3.78728 0 2.56461C0 1.84891 0.286453 1.31213 0.916662 1.01391C1.11718 0.924451 1.375 0.89463 1.60417 0.864809C1.80469 0.834988 2.03385 0.864809 2.26302 0.864809C2.26302 0.805167 2.26302 0.745525 2.26302 0.715704C2.29167 0.387672 2.4349 0.149107 2.72135 0.0298229C2.75 0.0298229 2.77864 0 2.80729 0C4.64062 0 6.41667 0 8.19271 0ZM2.29167 1.75944C2.09115 1.75944 1.89062 1.75944 1.6901 1
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1592
                                                                                                                    Entropy (8bit):4.004290849514056
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:tVvnjuJt7JBGAYIhm2mrLaqtQuFSgjmBwaonaOSvxZG2LvwuZ3+DExmbRlpQmNcs:rn6zGIkJrLTFVmKoZJLQ4gRCai6fWM
                                                                                                                    MD5:D9F81AE3849F84F6F219B2831F088247
                                                                                                                    SHA1:A0F7835AA9CD1261E3E2839B41055A3DD24A8637
                                                                                                                    SHA-256:DA9DFE3D7B3033B518E8E2BD6C708A0F30F28E6013E696F8CEF108D2B64E0F35
                                                                                                                    SHA-512:21D60604A97B9C084D924EA8C3C258990F818F2D44621C5F7D14380736BCF05ACDFF0DF31C5F9E71EAF68977FD2CA790E57AA6FFBF803DE1F88A45FAEBD3587F
                                                                                                                    Malicious:false
                                                                                                                    Preview:<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">..<path d="M0.930186 15.0723C0.877158 14.88 0.80093 14.6911 0.784359 14.4956C0.761161 14.1741 0.933506 13.9288 1.15225 13.7101C2.94199 11.9204 4.73173 10.1306 6.52146 8.34088C6.58112 8.28122 6.64078 8.22156 6.72032 8.14202C6.65072 8.07242 6.59438 8.01608 6.53472 7.95642C4.77152 6.19322 3.01494 4.42338 1.24511 2.67344C0.800997 2.23595 0.638599 1.78189 0.933576 1.20851C1.02638 1.11571 1.11918 1.02291 1.20866 0.933425C1.4009 0.880395 1.58981 0.804165 1.78535 0.787593C2.10684 0.764391 2.3521 0.936733 2.57085 1.15548C4.36056 2.94519 6.15028 4.73491 7.94331 6.52795C8.00297 6.5876 8.06263 6.64726 8.14217 6.7268C8.21177 6.6572 8.26812 6.60086 8.32777 6.5412C10.1275 4.74152 11.9271 2.94184 13.7268 1.14216C14.1312 0.73781 14.6151 0.671521 15.0525 0.943292C15.5165 1.23495 15.6458 1.88787 15.3309 2.3353C15.258 2.43473 15.1752 2.52422 15.0857 2.61371C13.3092 4.39019 11.5327 6.16667 9.75623 7.94315C9.69658
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1590
                                                                                                                    Entropy (8bit):4.012220474436418
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:tVvnjuJt7JBGAYIhm2mrLaqtQuFSgjmBwaonaOSvxZG2LvwuZ3+DExmbRlpQmNcX:rn6zGIkJrLTFVmKoZJLQ4gRCai6fQ
                                                                                                                    MD5:4DB5D94C4F838E720E17332EDF740EBC
                                                                                                                    SHA1:D28ED3AD9E3A5EFE37DD1012C5F9F1E494C32883
                                                                                                                    SHA-256:52151748BF54BE05AD5D26EB0FE3209E5EAFDEDB04AF6F1EB80D758E375A3E6C
                                                                                                                    SHA-512:8264399F4119897182DFA43EA447DA2EF80ED6451677A66C12ECC4547BDCBD0762AA11CC3D89E948A32CA1C4B59952B267B2FADBDCB84A827E7DB2D66777837C
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4264
                                                                                                                    Entropy (8bit):3.894045254391696
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:+JHedx8iSdAwpGi30T09xMR99wgr+rBKD0iMt9V0BG:+JM+v+0fswcDMt9VgG
                                                                                                                    MD5:E25CBB3FF275E58AF7891E0B857550A1
                                                                                                                    SHA1:5FA0E6C032B080FC7A2E37ACADAA46D7F7AB04E2
                                                                                                                    SHA-256:25FFBB8EEAC1F9A707570095599CE2349846836631CB2233D8273B4180425213
                                                                                                                    SHA-512:BE2E449A4E86B723CA3881547F2CF11A305269EDE4DCB62EB94EEF44FC72E99EB0AE95B253735BD69BF10E814512B93AD8420193AF13598D0CEC987AA5F2A6C2
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4238
                                                                                                                    Entropy (8bit):3.914834455290012
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:bMT1fU8EHCzbublIDQqirLwl4w1y97ZgILgzB:bS1giubk6kwtgILgzB
                                                                                                                    MD5:2A64F22D46EF697D361BC13F4E5EC382
                                                                                                                    SHA1:8F4277EA88024B458509538814E3A50BD20F0F04
                                                                                                                    SHA-256:33629801FE35C15E2803A47C1ED0B8E21F38114119F05D64EBD65E5DA246B7CA
                                                                                                                    SHA-512:6A9FC6FC4526D36FC259BF104F35418FB0914E32314975666E8EF01BC1D940263CC2F3109051E112A26A7FE42895762729F3FF5DC1E4C6D8ADF2A0E1CFD410E9
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):6098
                                                                                                                    Entropy (8bit):3.8868971852897896
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:2masVg2zPxVlBJr0GVdGrp7YAFPa6aswXXoluwFw0wsOVmc0BLMpHLJklLMp+sLQ:+sVg2zPxjjVdgpMAFPaJ3HoluwFw0wVq
                                                                                                                    MD5:8EBCB6408685047BE3BD1996D4000EE4
                                                                                                                    SHA1:F16881FF86F16B8C4D725E17584ECE870CD6727F
                                                                                                                    SHA-256:BA281665918CA2AB863CE98626153153931F2D99FEE645F7479118F91C66C9F2
                                                                                                                    SHA-512:276FD1A09BDE77261210114F5FE6E3C796DAA6C85183CC206200B9BB0D148AB914981AE162A0D9FF901171A394A98708E672A8C002FDBEB4138488BF80944C5F
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):6086
                                                                                                                    Entropy (8bit):3.9063223215918432
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:2masVg2zPxVlBJr0GVdGrp7YAFPa6RswXXoluwFw0wsOVmc0BLMpHLQklLxp+bLC:+sVg2zPxjjVdgpMAFPaq3HoluwFw0wVt
                                                                                                                    MD5:048482A7B181541A174551C016205A44
                                                                                                                    SHA1:5A5C2E2F813768E3C3C096ABDB209F55C5F2FCE3
                                                                                                                    SHA-256:968A15C711DA89D4A150521A1889633C5967731EAB81C6A14DFFA352B325BC7E
                                                                                                                    SHA-512:873070DE6578A9751FB2718F2C73E6ED8FA15F0C76C34D03E0A359658F5B885EFC5388DDDFB458CCFB99D44025983EAFCD595DE7C6218F1DAC81228D75F40F4C
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):6801
                                                                                                                    Entropy (8bit):3.7386877939405805
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:VPxlcoEiWxAGY/Eetsf/k9aLNyh6JwpM2LkgL8en:Jx2CyAhtsE9aZLT/gv
                                                                                                                    MD5:6DD649E7B024D0758023476637791EFF
                                                                                                                    SHA1:47EAC14A729C1A1C314C644BD28FA8C7D8B6D24D
                                                                                                                    SHA-256:663F3C16A7075FF42266008720D8D859F54E366040496F95E828E892DCAE6A7E
                                                                                                                    SHA-512:3887A01D6329B979A683A6322508FD75C6C66369605133FBFA373E503CC2A199204002E5FEB382D163D67CB2DFBCD698AFB57C770916C1A5B6BB592261A1FE7C
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):6797
                                                                                                                    Entropy (8bit):3.744755737482207
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:VPxlcoEiWxAGY/Eetsf/k9aLNyh6JwpM2LkgLbe0:Jx2CyAhtsE9aZLT/gV
                                                                                                                    MD5:C29E6ED919C2A6DE97D06B2AE745DE71
                                                                                                                    SHA1:D5FBD0DBFBD471CE494FD822C8846D4460BD1545
                                                                                                                    SHA-256:2B35B1B5EAB5E23F2FE6E3B1178A81933241006D56FC2731E40323B5E6AEE94A
                                                                                                                    SHA-512:07C65E7CB30FA0D0B8054EDAB7AA9AA0625826C4327681E14AC06849C7DBD0722F2487D9564ADCF2CDF819352E78492B65620C0352F043818D4839674D21B2F0
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):3605
                                                                                                                    Entropy (8bit):3.914389459303166
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:FIQXafQMoWADNaEoUFXMl10h+DNs9eKjrOIntIE:F7XgiDNaEvs1SGCrOItB
                                                                                                                    MD5:477A237F6AE8615FA3C957919C161FFC
                                                                                                                    SHA1:735FF4EB4377A45B2D2D5A8E7C305F6B6AF287C7
                                                                                                                    SHA-256:A676CCE75141D03F6264C5D65398BE6021379FEF9A2BB25BA64549EFB8066B42
                                                                                                                    SHA-512:5663DA1BF748E3A62A4D5919C4E1FEFE95DF60AB46E9DA6C03B6417854CC9A516F38C5EA14AB21A775EA9D3BA0630D830AF7379CC62FC17E84EA18B402666D30
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):3599
                                                                                                                    Entropy (8bit):3.928807214825618
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:FIQXafQMoW3DNaEoUFXMl10h+DNs9eKjrOIutI/:F7XgZDNaEvs1SGCrOIUu
                                                                                                                    MD5:89DD3B8D872E8E8E8D51B3CD29C77023
                                                                                                                    SHA1:E4D6DAA5097FFE044C8DF59692FC2F3ABCF45668
                                                                                                                    SHA-256:A2DC2F231B7A3492ABCED87D8F1953CF313CFE3CDD32B38FEC3F6EDD270A26FD
                                                                                                                    SHA-512:4E731CF642CBC3BEBC5C858073336B6D923227B690253378A47B8A5220E2F28EFC8D2D6602728F1DC2D13ED5EB95B5F889813FE89BBA7E55A6A487F01E510203
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2232
                                                                                                                    Entropy (8bit):3.9969278840420657
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:h3bDj6YrB+De50bRzctlW9MMCQ1zzC0lm6xM:1Dj6YsymRzpCTQ1zzC0li
                                                                                                                    MD5:73CD1627E147A8EAD813AD7201D75876
                                                                                                                    SHA1:9873BA2A53794A91E4DFB617D0D713DCC1EF5AFA
                                                                                                                    SHA-256:27AF99AEF7A11E5806946F03234615F4F96576936C87BF3E256572AD6D35BB3B
                                                                                                                    SHA-512:5EE5A96FC914E6D2E4481003B817F8CFA647C447CBA2254EB83EC75E606DACBDA1520D0C0CAF789103B53FC47CB825539748E703CAC99D41BB02A1E64711C7CA
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2228
                                                                                                                    Entropy (8bit):4.011244246624798
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:h3bDj6YrB+De50bRzctlWRMCQ1zzC0lm6t:1Dj6YsymRzpRTQ1zzC0lt
                                                                                                                    MD5:D4950E85D1EDD93F20A610F0B9575A1B
                                                                                                                    SHA1:6CF6227A85D9111DBBD9A23A2BBA528D31B591A2
                                                                                                                    SHA-256:4702B18CB5FAA0D6F56176EBE21011D2E994736BA0AFC52C961E3950F45E61EA
                                                                                                                    SHA-512:15B47F230A966FEFCBE1BA1BC6D700FACF7978B22A7913388C3269D13A140AA634364121473A7152997EE5146FC5BED9697C00D7018F025CEB6BFB3018C64ABD
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):702
                                                                                                                    Entropy (8bit):4.39074490019929
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12:trVzNtuJlzaTATxgOyh0DIAK+aV/E4Ypk8FnOp8DQBW:tZzNtuJoTcxyu6fV7KbFnPsBW
                                                                                                                    MD5:86893B121171A45F3494D301D57E80F1
                                                                                                                    SHA1:739B6A99982CE3F6BF792876E72A8413D1583072
                                                                                                                    SHA-256:4D8B0003A1DA38931E9BA26483D517CD59E62EA14759FC36F14B0F1EC558C6B8
                                                                                                                    SHA-512:CABD9B44F635F3A1C9C8054004DE318FC3F875F6FD81DB722CD49FD29912E0720B656DD1BA81A5FF8B63C728A81A9A393618E0D18B07227F2AC937A954D9FEB0
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):700
                                                                                                                    Entropy (8bit):4.387297248681374
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12:trVzNtuJlzaTATxgOyh0DIAK+aV/E4Ypk8FnOp8DQBiHAA:tZzNtuJoTcxyu6fV7KbFnPsBHA
                                                                                                                    MD5:C6D2A075413FDBCB286B77A97F9B6F13
                                                                                                                    SHA1:2DAA74C58338CAFE94A25CAB8FFB92253C140BCF
                                                                                                                    SHA-256:A71D66F5B6FAC238513DAA379BAEE5B35F24EC42050DC21E056BF08310042888
                                                                                                                    SHA-512:387762B3A3D0B7F694CF633926B3777AAA45DCA5A31DC7C095BC0B235B7D49CE5818BE76F2B032CF4E3031DEC520C5C67FAB879968C0F203E2A44EEA2EE0499F
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):3466
                                                                                                                    Entropy (8bit):3.9394896115708424
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:qqr8WXm539LJck1/Syl7x6Ugu5mUctd2ji2REolr58DqJcgcBBs1Kmo6UZuEVlYd:4WXm53pJp/S86Uh58Gi2FV4ksShd
                                                                                                                    MD5:97A4CAA52C453393A3ACEDB7EB240010
                                                                                                                    SHA1:26353A64DD09BA4D0055D2F259266DABE7C1CC88
                                                                                                                    SHA-256:0A5439D793597DA248595B59290A41123A36BA90D47554ABE4E64147455BD86F
                                                                                                                    SHA-512:F1C236016CE294FDD70C584FAF045BF5DAF8DD4BBE2D453788CF78BB0397C61305C2C148651D9D8E52ECF08AF39264835781EF3A9496759870C7BA93A6BA2500
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):3460
                                                                                                                    Entropy (8bit):3.951932320279216
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:qqr8WXm539LJck1qSyl7x6Ugu5mUctd2ji2REolr5RqJcgcBBs1Kmo63uEVlYanL:4WXm53pJpqS86Uh58Gi2FVLksSwa
                                                                                                                    MD5:7BBD80A02464154C092ACBE7DD328730
                                                                                                                    SHA1:C5E8862B03D566CCE19001910B1254D0293C1D9F
                                                                                                                    SHA-256:F6B4616A88E746054F75133B879556D769B8A16395EDE1EFC723112BD41E218B
                                                                                                                    SHA-512:53A0B00F505D6AC3B4E737540DD02036778BC89C521083352A20EE1E63136C4D72A9F6482752ADA6D8E415C6D384197FC393F5AED907A45F1209926DA9F80C48
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4403
                                                                                                                    Entropy (8bit):3.8960426134967934
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:sreYdijt0XCV30iqhzz9GaHPuPVsTasmBsoG2SuM2q6RW:saISGt95P6e2B4u7dW
                                                                                                                    MD5:360145CB691391CCC038500BAD652269
                                                                                                                    SHA1:4F2D87620766892151D6087962DCB08628FC1220
                                                                                                                    SHA-256:4E9DBDEE102A27F7B339857D9B888EB218E00456E42D1CE3747E4810DC4087C5
                                                                                                                    SHA-512:D2940AA1CBFC0ADE2AEFBCA312F077A23D84C7F4D1087D0D8FD87D9ADF7939AA9B2774AAE53B4A8F55AF4C946C7066193B5636FC44997F742B29A873E9EE5BEC
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4395
                                                                                                                    Entropy (8bit):3.9130769273478307
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:sreYdijt0XCV30iqhzz9GaHPuPVs2asmBsVG2SuMnq6Rx:saISGt95P6eRB9uidx
                                                                                                                    MD5:B0F49189BE082A137803BEA947266CC9
                                                                                                                    SHA1:8733164F238BB6BC95614B91715408EA54C54E57
                                                                                                                    SHA-256:042BEFCC06513E3E81506FE03F28CA2986A11731A70F958D1F0CE0095924412F
                                                                                                                    SHA-512:B3E007E8284E32AA9B20BE9161CE7641F7953A23104C69265ADBB8E689CE683C0FED86DE8FC682B27C10EBAD10C0A6385EC58A7450F91D8A5541F54402EFECFF
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1858
                                                                                                                    Entropy (8bit):4.054255384536267
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:tcoqAuJJhP7yShzrcOTpBqPmJT2cePJeSFu1uXfSVbxS6GRqkg+HqpYNOo5bASNQ:hqPY85FBgcAtu1QS8qkg+HIYZXtlkN
                                                                                                                    MD5:04FDC7FEDBD2538F8B4A24EC6A737DDB
                                                                                                                    SHA1:30EAAA4ECE1B1D47F846D1CF2B5B29753049335C
                                                                                                                    SHA-256:E649612224E5754F9FD4A7602847F932B58BF6B24A22A36029D782FD129054CD
                                                                                                                    SHA-512:18502FD6B8C17E3EE5EC89E9F9028710BB2BE57D2FB46282DDD3E7CE5C76F76FD17ECDFCC810F4B44FCE583937F10DD45C397449C374E4DBD7EFF2C12E36358C
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1854
                                                                                                                    Entropy (8bit):4.069519451091226
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:tcoqAuJJhP7yShzrcOTpBqPmJT2cePJeSFu1uXfSVbxS6GRqkg+HqpYNOo5bAH2y:hqPY85FBgcAtu1QS8qkg+HIY1XtlkB
                                                                                                                    MD5:FCA164880EE2E1D12B798C98241DCB76
                                                                                                                    SHA1:A8554FA6389771ECBB7A7C5FEB016EC3DD6C056E
                                                                                                                    SHA-256:5F591B87FE162601A488611DAEE8E89C6C0ABA9006DE926D75FC339224AA61E2
                                                                                                                    SHA-512:90C00A580BBB8C47AB0B88A52F7738AE6F3188F3E6964D7CBB7011680C4F5406FA61EF7EA8A6403D41CA429E3FFD9FFABEF4C948DCA86782515E99A057B1CE27
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2922
                                                                                                                    Entropy (8bit):3.8955256034331684
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:qqUqL0zHerZmOk5T7f/v+8JKgmEU5BdN5gxQsAvCSEkP2ME6nwnTW5IO:qoC+rZg5vuwyVBb5gxQHvREkP2Jl8
                                                                                                                    MD5:60F659C2639149E5FE452A99BA232B94
                                                                                                                    SHA1:70AB8FCF7714F5C83F9C7C749E95702273CEAF11
                                                                                                                    SHA-256:FA330061E57D90B2BBB6F9F24982991F574DEC5E697CBACFB2551BD6D6317CD3
                                                                                                                    SHA-512:25C728806C4C1501762A1D0446D18818BDDE667FE0681074541D3C8F4F2207F8DC8AA3A5F825CDE2F79E580BBA0F6C9189BBD9C2E11D261E57D4ECA78B83405D
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2920
                                                                                                                    Entropy (8bit):3.895777405127468
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:qqUqL0zHerZmOk5T7f/v+8JKgmEU5BdN5gxQsAvCSEkP2ME6nwnTW5Io:qoC+rZg5vuwyVBb5gxQHvREkP2Jla
                                                                                                                    MD5:610CC1A8CF2F609FCD872D217E3D4333
                                                                                                                    SHA1:91F5EBF7DFAA1F39123342EFF19176D4432C0388
                                                                                                                    SHA-256:AC401187E858B9BD7CAD7A638063B9808FA6545D6576BBEA41471C7336E6AAE2
                                                                                                                    SHA-512:E803E86F8090F205EBF3EF2E9796ECFD7B31485A89DFFA4B72785E3E721BFA67CEF2D1D8416352C320BC6556FF977FC9630A2E24551BA6CDB9965F2067B3CE28
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):3445
                                                                                                                    Entropy (8bit):3.979453075901205
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:lFFqyQ7dtcTIAcq+/O53Jve2d923tqjvtLaTbVixmR/3dagOJj2xcS19kjJWtHGE:5q7HcUAT7mztiVLavIxmN3IZh2n
                                                                                                                    MD5:8517A7C9AC10921DEBA471DD89A13601
                                                                                                                    SHA1:55F06AA4A8E2C59CCBCF9EDFBF4A19192E921302
                                                                                                                    SHA-256:4AA2937B6A751F114A1CB7BE1A09ECEC436F70AF6350A17EAFF88A3D88262818
                                                                                                                    SHA-512:6EB83B5F88E0945C63550501FD856AB9E0B80C0827470124FF93342A7F8EB560CCF11AFEBC08D49F7BB55122EB6D22D0146E979D7A10F911233E17B77704DD86
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):3425
                                                                                                                    Entropy (8bit):4.01234712901125
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:DKJzzcgT2SgblyFVQzNrd99EGDBBIO2sOlvu0+sGD0gfDOAHmD1MjQQnfvw8aN+F:+zzcWMlyFWJO5fYdHmDufv1aNs
                                                                                                                    MD5:0C92AF8318B8C3247643257AF05FD42E
                                                                                                                    SHA1:2DD447FF88BC4B9BC48324FEF75D9395867D7462
                                                                                                                    SHA-256:0503A1E65404853AE72D674F95D1ECB8EFCDF94B68A5B80EE8B59D7E77504A39
                                                                                                                    SHA-512:C5AACD08A30E34262FA433B29EC8971CC39E4675D9186C9D527641516CBB5C70B7F3138DF3AA3BD45677B4043F89DAC981C2F16D31ACD6A80226E4E43AB6107B
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    File Type:PNG image data, 490 x 140, 8-bit/color RGBA, non-interlaced
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):11957
                                                                                                                    Entropy (8bit):7.943985153985361
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:jSTZR77SSlsXp7h9PKr6L1KJ9yRh/+AogjkisWttJkuzTCFvm9e4t4L6swiagy76:WJsV0e1j+AoGsWtxWqCJHHNi0
                                                                                                                    MD5:5D3291D90D252B1C09C262466D67D04A
                                                                                                                    SHA1:0AFB93843C13CC71B458D92E5400FC756FEC5691
                                                                                                                    SHA-256:4192A0833E3F06C4B9B563BA5777A3CBFAA69BCBA6DF233889540709772FF082
                                                                                                                    SHA-512:B14F315D3C3A7F7EEEB758774DCC0F3891087DCC79C2A30C61E27F401F04AFDD18D0393AA7CFA4E56A41F6F295AF0716920B313653D095ADB5CE56E18804EEE1
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with very long lines (2722), with no line terminators
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):2722
                                                                                                                    Entropy (8bit):5.8585269397707895
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:Ego2eJJn6IzUtJQSc8aQqSG4v/q7SWWdCEqjWkt08BHp9s05WPCVb56yCjLEcy:aJd6SUtJfNrVlCWWWdtqjZNJx5ECVWL4
                                                                                                                    MD5:319D15C9D05F86ECB8F05AA18CBF7652
                                                                                                                    SHA1:15C6B0B5CE4F720497974612D607F234BB7DEF2D
                                                                                                                    SHA-256:6B4FE4CA380A4EC98B470CAC3333FB2BE3C73A731D06D0CF710BE6F17103133F
                                                                                                                    SHA-512:EDE32955970FED15C3AB2FFB4F87499D591ADD82066B7D844D113A4B0B48536D3C42D8CE20D9AAB1B4E00A929A130C1F5A91BEB52DA78CF0986C503EAA7772B2
                                                                                                                    Malicious:false
                                                                                                                    URL:https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858128210/?random=1724424969591&cv=11&fst=1724424969591&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=4
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:HTML document, ASCII text, with very long lines (62731), with no line terminators
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):62731
                                                                                                                    Entropy (8bit):5.507606191726951
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:lyk1VLHqFtw7RkCHsyCBbri6ayytiYNCoE48l5DO+n/dFO/0X8+H98jYWOldCsn7:lyk1VTqFtw7RkCHsyCBbri6ayytiYNCl
                                                                                                                    MD5:52FF967C76F794882D054B7939CE203A
                                                                                                                    SHA1:E5E81442C7B4B4F7F280CC50F1C0D4FFCDAD535C
                                                                                                                    SHA-256:6EC5C6E0DA29E6E7A6E507075A355684EC60AA836FD3172D0AB84713038B5A8B
                                                                                                                    SHA-512:DE64F9F635BC86C751A210EC37888B94C0BCB98306A2A5DA22A2A72E02D8073B27866E51154C151EF4EAE1161F742CBEA6A46D8DE5F56F69A899A12BB481E8B5
                                                                                                                    Malicious:false
                                                                                                                    URL:https://td.doubleclick.net/td/rul/858128210?random=1724424969591&cv=11&fst=1724424969591&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with very long lines (14539)
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):351055
                                                                                                                    Entropy (8bit):5.5876432347819405
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:I43jUVrRRs56YkurgySjmVXFt/pZh2TMpxi5IGPx6V:x3CrRu567KdLn
                                                                                                                    MD5:54DEC7BA733F4F53DEDE76C072F92EB8
                                                                                                                    SHA1:643BBD115455E4137FB086D302217DDEF2C123A8
                                                                                                                    SHA-256:669D71D90AC789ACABE9B5F1439825BF012236DE92102B5F5F420CCBA35D7B5A
                                                                                                                    SHA-512:34F902E64662313F48A0D59044CC97314591A88DBAC6372D047332F02E7CCBC2E3F12CBB19526E590EE06F3707F83610DF8F29D4D64DFD34725C816BE6E40213
                                                                                                                    Malicious:false
                                                                                                                    URL:https://www.googletagmanager.com/gtag/js?id=G-VFQWFX3X1C
                                                                                                                    Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"3",. . "macros":[{"function":"__e"},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_cross_domain","priority":39,"vtp_rules":["list","pcapp\\.store","pcappstore\\.download"],"tag_id":17},{"function":"__ogt_ga_send","priority":29,"vtp_value":true,"tag_id":19},{"function":"__ogt_referral_exclusion","priority":29,"vtp_includeConditions":["list","veryfast\\.io"],"tag_id":20},{"function":"__ogt_session_timeout","priority":29,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":21},{"function":"__ogt_1p_data_v2","priority":29,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR"
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:HTML document, ASCII text, with very long lines (62731), with no line terminators
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):62731
                                                                                                                    Entropy (8bit):5.507633848140142
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:ghkVVjqntX7RkClWrU5bU5cDbLCtkYD8rMC+xa94L4JXPGO/cX/+q9AjmdnzJDUq:ghkVVjqntX7RkClWrU5bU5cDbOtkYD8M
                                                                                                                    MD5:67959A27348CAE1E7486350997A757F2
                                                                                                                    SHA1:6FCCE65AE8025F0C6FCF88F405A8442A6D563902
                                                                                                                    SHA-256:16D5E49799227F4C1E8EA5BD1B44A2A0911AD70AC48F6A13EC71E6BE72C34B4E
                                                                                                                    SHA-512:FF2916FD0555562A806A4E615E3A1885B02DB9E48B2D7B57F97B5F603F20A759364AA291D7DB808939020640D78CCCEA6D6FC384A203A3D891E77922B2148CEC
                                                                                                                    Malicious:false
                                                                                                                    URL:https://td.doubleclick.net/td/rul/858128210?random=1724424969537&cv=11&fst=1724424969537&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with very long lines (2821), with no line terminators
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):2821
                                                                                                                    Entropy (8bit):5.896595630384003
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:Ego2eJJn6IzUtJQSc8aQqSG4v/q7SWWdCEqjWkt08AXHpJ05WPCVb2blyfpPyuy:aJd6SUtJfNrVlCWWWdtqjZ0XJK5ECV6R
                                                                                                                    MD5:990B7AEE073624921F1A1E46326B9E6E
                                                                                                                    SHA1:FDB446DFF927F0743EDF5235993D587D47C2183D
                                                                                                                    SHA-256:9A639A790A31F3240137C4A7517390DD58D94EBD18DE809341C3B308B598BDA0
                                                                                                                    SHA-512:07928FFAF2D791CF48BC2FB496DF1ED81A28407F3AC99113656C95B08C3663692E355CC07BEF68A4CCC0BAA9E7594493649953D22C195E18E967FFD380127EA1
                                                                                                                    Malicious:false
                                                                                                                    URL:https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858128210/?random=1724424970523&cv=11&fst=1724424970523&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=4
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with very long lines (14539)
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):377958
                                                                                                                    Entropy (8bit):5.588975646993722
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:I43cZ+mUVrRRs5+YOurgySjmVXFtQpZh2TMpxi5IGPx6S:x3c0rRu5+jKeLM
                                                                                                                    MD5:DC6433DF93988730AEA977E80A42167D
                                                                                                                    SHA1:1CC9AAD20DDFEF9F13F9390546381A6B965B9280
                                                                                                                    SHA-256:5A93F9BDC4BF390FAEAA8C1188D79F613D5B662E643534947D9D5209FD1B1209
                                                                                                                    SHA-512:572B2D79C178F4B8339E34A7F9C4BF4BB8850B47FB71830D2281A3E7D676E786982ADDFB44F16ED15047A4B3562D21836A60F6A9452534C47AE77FF057A69784
                                                                                                                    Malicious:false
                                                                                                                    Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"3",. . "macros":[{"function":"__e"},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_cross_domain","priority":39,"vtp_rules":["list","pcapp\\.store","pcappstore\\.download"],"tag_id":17},{"function":"__ogt_ga_send","priority":29,"vtp_value":true,"tag_id":19},{"function":"__ogt_referral_exclusion","priority":29,"vtp_includeConditions":["list","veryfast\\.io"],"tag_id":20},{"function":"__ogt_session_timeout","priority":29,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":21},{"function":"__ogt_1p_data_v2","priority":29,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR"
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with very long lines (2742), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2742
                                                                                                                    Entropy (8bit):5.878238229900097
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:Ego2eJJn6IzUtJQSc8aQqSG4v/q7SWWdCEqjWkt08THpSd05WPCVb56yKYKuy:aJd6SUtJfNrVlCWWWdtqjZfJSO5ECVE
                                                                                                                    MD5:EC82506D4621DE7F931DC03EF75E78F5
                                                                                                                    SHA1:0BA60B1AFCF04583D0C004573F36DEB4BA7BD17D
                                                                                                                    SHA-256:C62B607B32C624C1C2D8C0C94746B4FF8FF059AF6871B2AC34B8ADB02948BE83
                                                                                                                    SHA-512:3EA0C0DF2981E5C0E5257F4E72806F1B1A42399F75FE5109C95264D81249B8234F99CB8B56E9D35094324F7594F5492F4F42509BE74B3461E070DDFB79067192
                                                                                                                    Malicious:false
                                                                                                                    Preview:(function(){var s = {};(function(){var e={};/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var f=this||self;var g,k;a:{for(var l=["CLOSURE_FLAGS"],p=f,q=0;q<l.length;q++)if(p=p[l[q]],p==null){k=null;break a}k=p}var r=k&&k[610401301];g=r!=null?r:!1;var t,v=f.navigator;t=v?v.userAgentData||null:null;function w(d){return g?t?t.brands.some(function(a){return(a=a.brand)&&a.indexOf(d)!=-1}):!1:!1}function x(d){var a;a:{if(a=f.navigator)if(a=a.userAgent)break a;a=""}return a.indexOf(d)!=-1};function y(){return g?!!t&&t.brands.length>0:!1}function z(){return y()?w("Chromium"):(x("Chrome")||x("CriOS"))&&!(y()?0:x("Edge"))||x("Silk")};!x("Android")||z();z();!x("Safari")||z()||(y()?0:x("Coast"))||(y()?0:x("Opera"))||(y()?0:x("Edge"))||(y()?w("Microsoft Edge"):x("Edg/"))||y()&&w("Opera");var A=/#|$/;function B(d){var a=d.search(A),b;a:{for(b=0;(b=d.indexOf("fmt",b))>=0&&b<a;){var c=d.charCodeAt(b-1);if(c==38||c==63)if(c=d.charCodeAt(b+3),!c||c==61||c==38||c==35)b
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):3592
                                                                                                                    Entropy (8bit):4.71780114350715
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:XlbKIGVo4FFr2s2wVix2FFCCQ86TqYeZEB:XVFCXc+ixi4lTPB
                                                                                                                    MD5:0FFC071BC5AF33D2BE224CF147670471
                                                                                                                    SHA1:5A7FC912A47D0531B2C95BFCB6BEAAA2248E0779
                                                                                                                    SHA-256:1923EFD4718E21B882410106B6FEF7FA35C3EB2EC3C2338CD8DFF07108F25C1F
                                                                                                                    SHA-512:205AF4B98312AB012BE7D7C25AC0A6D91D11C77DC3E29A9D6CC80F96A97577826079469AF16F88FE214CF0A17C70261C4AAA671FBB19EF214B91776BC3683353
                                                                                                                    Malicious:false
                                                                                                                    URL:https://repository.pcapp.store/pcapp/images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg
                                                                                                                    Preview:<svg width="107" height="109" viewBox="0 0 107 109" fill="none" xmlns="http://www.w3.org/2000/svg"><g filter="url(#filter0_d_539_286)"><path d="M78.856 41.614c.048-.048.096-.048.096-.096.048-.048.048-.096.048-.143v-.192c0-.096-.048-.144-.096-.24a.84.84 0 00-.191-.239c-.048-.096-.144-.143-.24-.191-.096-.048-.191-.144-.287-.192L31.16 17.144c-.096-.048-.144-.048-.24-.096S30.777 17 30.68 17h-.574c-.096 0-.144.048-.191.096-.048.048-.096.048-.144.096-.048.047-.048.095-.096.143L28 23.8v.191l7.853 43.29c0 .144.048.24.144.336.048.096.144.191.24.287.095.096.191.192.335.24.096.047.24.143.383.143.048 0 .048 0 .096.048h.622s.048 0 .048-.048c0 0 .048 0 .048-.048h.048s.048 0 .048-.047h.048l.048-.048.047-.048 10.153-14.27L63.1 70.537l.048.048s.048 0 .048.048l.048.048s.048.048.096.048h.096c.047 0 .047.047.095.047s.048.048.096.048h.863c.048 0 .048 0 .096-.047.048 0 .048-.048.096-.048l8.476-5.986 4.214-5.603c.048-.048.048-.096.096-.144 0-.048.047-.096.047-.144v-.191c0-.048-.047-.144-.047-.192a.363.363 0
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with very long lines (4179)
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):275395
                                                                                                                    Entropy (8bit):5.543681554486191
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:4htIiSVrR/Z3V4LJ70KYo7u3qQGmzF3Tub5jSjmtXXFtgzFxwUI:wUVrRR3ewku3uBSjmVXFtgzFxwV
                                                                                                                    MD5:FC305E49002C888BD85FCF148B8A65FA
                                                                                                                    SHA1:D94F7AE96DAD90669552B04A9333DCD52273CA52
                                                                                                                    SHA-256:0D5BE5112DF166FBA55A61D6C6A1DBB5451CEAEB1F042783BF2FD5EB02C63FCD
                                                                                                                    SHA-512:76BF2FBC1B0BEA4137922080A8582DB701C3C3D1C7F3B72858E88061F89985BBB8472044F760AAC1549475B19F21AC895B25C3CC11498028688A88916432FFCD
                                                                                                                    Malicious:false
                                                                                                                    Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"}],. "tags":[{"function":"__ogt_ads_datatos","priority":16,"vtp_instanceDestinationId":"AW-858128210","tag_id":16},{"function":"__ogt_cps","priority":6,"vtp_cpsMode":"ALL","tag_id":8},{"function":"__ogt_1p_data_v2","priority":6,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with very long lines (4179)
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):275395
                                                                                                                    Entropy (8bit):5.543720896013004
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:4htIiSVrR/Z3VzLJ70KYo7u3qQGmzF3Tub5jSjmtXXFtgzFxwUI:wUVrRR3Jwku3uBSjmVXFtgzFxwV
                                                                                                                    MD5:F720D92C99D492F2E12ED7FF8DD26966
                                                                                                                    SHA1:CC6BF083584B16F6F653B4F5186A8F832B72C039
                                                                                                                    SHA-256:96EAB408A9805687E1D57F3B933D61761E0D1294521F01DAD73A30A06359CC40
                                                                                                                    SHA-512:F721CA386C4BEFB75CE12D9943B31612ECA634969C875D0BD2A2FAA5849A8FA47E2305180C469217856FAE1A44964B4BFD632E84C11585F093EDE5C7FCA644DC
                                                                                                                    Malicious:false
                                                                                                                    URL:https://www.googletagmanager.com/gtag/js?id=AW-858128210
                                                                                                                    Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"}],. "tags":[{"function":"__ogt_ads_datatos","priority":16,"vtp_instanceDestinationId":"AW-858128210","tag_id":16},{"function":"__ogt_cps","priority":6,"vtp_cpsMode":"ALL","tag_id":8},{"function":"__ogt_1p_data_v2","priority":6,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):3592
                                                                                                                    Entropy (8bit):4.71780114350715
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:XlbKIGVo4FFr2s2wVix2FFCCQ86TqYeZEB:XVFCXc+ixi4lTPB
                                                                                                                    MD5:0FFC071BC5AF33D2BE224CF147670471
                                                                                                                    SHA1:5A7FC912A47D0531B2C95BFCB6BEAAA2248E0779
                                                                                                                    SHA-256:1923EFD4718E21B882410106B6FEF7FA35C3EB2EC3C2338CD8DFF07108F25C1F
                                                                                                                    SHA-512:205AF4B98312AB012BE7D7C25AC0A6D91D11C77DC3E29A9D6CC80F96A97577826079469AF16F88FE214CF0A17C70261C4AAA671FBB19EF214B91776BC3683353
                                                                                                                    Malicious:false
                                                                                                                    Preview:<svg width="107" height="109" viewBox="0 0 107 109" fill="none" xmlns="http://www.w3.org/2000/svg"><g filter="url(#filter0_d_539_286)"><path d="M78.856 41.614c.048-.048.096-.048.096-.096.048-.048.048-.096.048-.143v-.192c0-.096-.048-.144-.096-.24a.84.84 0 00-.191-.239c-.048-.096-.144-.143-.24-.191-.096-.048-.191-.144-.287-.192L31.16 17.144c-.096-.048-.144-.048-.24-.096S30.777 17 30.68 17h-.574c-.096 0-.144.048-.191.096-.048.048-.096.048-.144.096-.048.047-.048.095-.096.143L28 23.8v.191l7.853 43.29c0 .144.048.24.144.336.048.096.144.191.24.287.095.096.191.192.335.24.096.047.24.143.383.143.048 0 .048 0 .096.048h.622s.048 0 .048-.048c0 0 .048 0 .048-.048h.048s.048 0 .048-.047h.048l.048-.048.047-.048 10.153-14.27L63.1 70.537l.048.048s.048 0 .048.048l.048.048s.048.048.096.048h.096c.047 0 .047.047.095.047s.048.048.096.048h.863c.048 0 .048 0 .096-.047.048 0 .048-.048.096-.048l8.476-5.986 4.214-5.603c.048-.048.048-.096.096-.144 0-.048.047-.096.047-.144v-.191c0-.048-.047-.144-.047-.192a.363.363 0
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with very long lines (14539)
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):351081
                                                                                                                    Entropy (8bit):5.5876915872162884
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:I43jUVrRRs56YOurgySjmVXFtQpZh2TMpxi5IGPx60:x3CrRu56jKeLO
                                                                                                                    MD5:C7F9FAC90CB5B1603A36073D9FE3136A
                                                                                                                    SHA1:69B1DCE04956FD1D728DE512444C1D0D9A6689AE
                                                                                                                    SHA-256:FA79E7985BA724E894BAA8B8D29B1745FD03DA6D828E469FA8B181225A5D227E
                                                                                                                    SHA-512:16FE73CD0FF6DFF0B305CF65E157338C3B14556E0B79E081633958961F24C91E9AADB12DC6923DA1B9E3A8336D72DF7D20F7D0E6F03AE3B65C1912ECFDC32EA3
                                                                                                                    Malicious:false
                                                                                                                    URL:https://www.googletagmanager.com/gtag/js?id=G-VFQWFX3X1C&l=dataLayer&cx=c
                                                                                                                    Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"3",. . "macros":[{"function":"__e"},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_cross_domain","priority":39,"vtp_rules":["list","pcapp\\.store","pcappstore\\.download"],"tag_id":17},{"function":"__ogt_ga_send","priority":29,"vtp_value":true,"tag_id":19},{"function":"__ogt_referral_exclusion","priority":29,"vtp_includeConditions":["list","veryfast\\.io"],"tag_id":20},{"function":"__ogt_session_timeout","priority":29,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":21},{"function":"__ogt_1p_data_v2","priority":29,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR"
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:Web Open Font Format (Version 2), TrueType, length 48444, version 1.0
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):48444
                                                                                                                    Entropy (8bit):7.995593685409469
                                                                                                                    Encrypted:true
                                                                                                                    SSDEEP:768:dn0V9qZpy/4pR+9MzTCGXckDohHxCc/TfZQEh9UONYyPYcABoN/8rZujvB:dn0+rAmWUMooVrbZQE7NYyzABK8rQ1
                                                                                                                    MD5:8E433C0592F77BEB6DC527D7B90BE120
                                                                                                                    SHA1:D7402416753AE1BB4CBD4B10D33A0C10517838BD
                                                                                                                    SHA-256:F052EE44C3728DFD23ABA8A4567150BC314D23903026FBB6AD089422C2DF56AF
                                                                                                                    SHA-512:5E90F48B923BB95AEB49691D03DADE8825C119B2FA28977EA170C41548900F4E0165E2869F97C7A9380D7FF8FF331A1DA855500E5F7B0DFD2B9ABD77A386BBF3
                                                                                                                    Malicious:false
                                                                                                                    URL:https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2118
                                                                                                                    Entropy (8bit):4.907323279161229
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:P8LlLU20REEalwVtWMhiiA379OC0WGKwKNHOLRcVIK0:ULtU2A8lwVtW+3ALKczI5
                                                                                                                    MD5:1039640CF0666A1621D55C9E9FA81439
                                                                                                                    SHA1:A7E6A6AB233DAE1776506F2E6C7FD03E46E83EA9
                                                                                                                    SHA-256:4455C2A26901C4D348E194B06B06908C155E6459CF5987984D03848E30964F0C
                                                                                                                    SHA-512:F9324B6C58C51DC3F24BD242EADA7E5565B60E12863EC13F28D883028791AEC7EC5E324298FA0427AD1CD45BDD7260FF0295DC171F24DD0AC3F0203FB6CD0706
                                                                                                                    Malicious:false
                                                                                                                    Preview:<svg width="132" height="132" viewBox="0 0 132 132" fill="none" xmlns="http://www.w3.org/2000/svg"><g filter="url(#filter0_d_539_279)"><path d="M16 12.5A4.5 4.5 0 0120.5 8h91a4.5 4.5 0 014.5 4.5v91a4.5 4.5 0 01-4.5 4.5h-91a4.5 4.5 0 01-4.5-4.5v-91z" fill="#fff"/></g><path d="M81.894 54.233H67.64c-.913 0-.913 0-.913-.865V32.733c0-.865 0-.845.85-.966 3.341-.463 6.661-.946 10.002-1.41 3.839-.543 7.657-1.066 11.496-1.59 2.345-.322 4.69-.664 7.014-.986 1.037-.14 1.037-.14 1.037.866v24.6c0 .986 0 .986-1.016.986H81.894zm.021 5.841h14.422c.767 0 .767 0 .767.765v24.963c0 .845 0 .865-.871.745-3.32-.463-6.64-.947-9.94-1.41-2.282-.322-4.586-.624-6.868-.946-2.801-.382-5.603-.785-8.404-1.187-1.204-.161-2.386-.363-3.59-.484-.54-.06-.705-.261-.705-.764.02-4.067.02-8.113.02-12.18v-8.898c0-.463.146-.604.623-.604 4.814.02 9.69 0 14.546 0zm-34.175.001h12.243c.705 0 .705 0 .705.704v19.669c0 .825-.041.825-.892.704-2.47-.342-4.918-.684-7.387-1.026-2.158-.303-4.316-.625-6.454-.927-2.448-.342-4.897-.664-7.345-
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):2442
                                                                                                                    Entropy (8bit):5.462129481910531
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:ejO4axujO4aFuFZjjO4aNjO4a73rjO4awNjO4aORVc+uXjO4aWN0oD:aO4axqO4aEFZHO4adO4a73vO4aoO4aiq
                                                                                                                    MD5:A545EA9BF9BAA0298A1E5DFC899E1ED1
                                                                                                                    SHA1:14772011A8B58050F88DE884AF1427B3A5446BF8
                                                                                                                    SHA-256:8910EB7147C93440E1664FA8D3F0A992D6B2DFBBE20D4B05F448A26A7869F85E
                                                                                                                    SHA-512:A10DAF0DB9B17616F8EF3A322EF013C81D4579419CF2B4EF408177D0F6160CE10AED6689D6B8452D85A4E72AFBC6833B33AFF09C834AE94C56101718D5C641E1
                                                                                                                    Malicious:false
                                                                                                                    URL:https://fonts.googleapis.com/css2?family=Inter:wght@100..900&display=swap
                                                                                                                    Preview:/* cyrillic-ext */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2JL7SUc.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2ZL7SUc.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100 900;. f
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:HTML document, ASCII text, with no line terminators
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):13
                                                                                                                    Entropy (8bit):2.7773627950641693
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:qVZPV:qzd
                                                                                                                    MD5:C83301425B2AD1D496473A5FF3D9ECCA
                                                                                                                    SHA1:941EFB7368E46B27B937D34B07FC4D41DA01B002
                                                                                                                    SHA-256:B633A587C652D02386C4F16F8C6F6AAB7352D97F16367C3C40576214372DD628
                                                                                                                    SHA-512:83BAFE4C888008AFDD1B72C028C7F50DEE651CA9E7D8E1B332E0BF3AA1315884155A1458A304F6E5C5627E714BF5A855A8B8D7DB3F4EB2BB2789FE2F8F6A1D83
                                                                                                                    Malicious:false
                                                                                                                    URL:https://td.doubleclick.net/td/ga/rul?tid=G-VFQWFX3X1C&gacid=1878683437.1724424970&gtm=45je48l0v898645365za200zb9103256652&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=1303857156
                                                                                                                    Preview:<html></html>
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with very long lines (2839), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2839
                                                                                                                    Entropy (8bit):5.905626427424246
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:Ego2eJJn6IzUtJQSc8aQqSG4v/q7SWWdCEqjWkt08AXHpJ05WPCVb2blyfbuy:aJd6SUtJfNrVlCWWWdtqjZ0XJK5ECV6w
                                                                                                                    MD5:D3A9B21A6ED44F366AFEE7A32ED3D14F
                                                                                                                    SHA1:3B8839139ABDDDFFABA9F2BEE183E96E2F2219DF
                                                                                                                    SHA-256:50B08415A39D7FAB12A8E9EC570FA4C51E3E7806B9D2B346BD71CA267D6CE69E
                                                                                                                    SHA-512:DDBE1134CD1B511DC87880BD8ED73179C7080A9BD6C54189C34255842D38B17AD71C5FC4672A4B2EEF890508C02B988AB694CF89A2B1BAABC20BCAF3DBBCF09B
                                                                                                                    Malicious:false
                                                                                                                    Preview:(function(){var s = {};(function(){var e={};/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var f=this||self;var g,k;a:{for(var l=["CLOSURE_FLAGS"],p=f,q=0;q<l.length;q++)if(p=p[l[q]],p==null){k=null;break a}k=p}var r=k&&k[610401301];g=r!=null?r:!1;var t,v=f.navigator;t=v?v.userAgentData||null:null;function w(d){return g?t?t.brands.some(function(a){return(a=a.brand)&&a.indexOf(d)!=-1}):!1:!1}function x(d){var a;a:{if(a=f.navigator)if(a=a.userAgent)break a;a=""}return a.indexOf(d)!=-1};function y(){return g?!!t&&t.brands.length>0:!1}function z(){return y()?w("Chromium"):(x("Chrome")||x("CriOS"))&&!(y()?0:x("Edge"))||x("Silk")};!x("Android")||z();z();!x("Safari")||z()||(y()?0:x("Coast"))||(y()?0:x("Opera"))||(y()?0:x("Edge"))||(y()?w("Microsoft Edge"):x("Edg/"))||y()&&w("Opera");var A=/#|$/;function B(d){var a=d.search(A),b;a:{for(b=0;(b=d.indexOf("fmt",b))>=0&&b<a;){var c=d.charCodeAt(b-1);if(c==38||c==63)if(c=d.charCodeAt(b+3),!c||c==61||c==38||c==35)b
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with very long lines (2739), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2739
                                                                                                                    Entropy (8bit):5.881932496065221
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:Ego2eJJn6IzUtJQSc8aQqSG4v/q7SWWdCEqjWkt08BHp9s05WPCVb56yCIzy:aJd6SUtJfNrVlCWWWdtqjZNJx5ECVC
                                                                                                                    MD5:2C3AA866F6AE1CA2B1C1E6B3449C8C58
                                                                                                                    SHA1:9C8177261F4F05AE00571948617B4254E7E8535C
                                                                                                                    SHA-256:B1A7A8B83DD01651F2FDB0F3F953D2CD455A1F5B142D55DB03CE5EBC71F7F664
                                                                                                                    SHA-512:01829A3C75834F1E23C1B4C366DEB134618EF4D7DEFE90469020CC5A3E9BD4954A74B3784697BAAE955556154A139860859E3EC93DA66BAB7E31C2C3D8618164
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with very long lines (14539)
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):351055
                                                                                                                    Entropy (8bit):5.587630441034106
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:I43jUVrRRs5LYkurgySjmVXFt/pZh2TMpxi5IGPx6V:x3CrRu5L7KdLn
                                                                                                                    MD5:0D93E95FF69E912C1833977E2EBEB1F4
                                                                                                                    SHA1:5F4AF5E841DA37269CA0E164696CF8DAB0C93224
                                                                                                                    SHA-256:4C749D886632AC72025254E2DFA7A17ABB5C1B0B7E769F6C50C2E2186FD32A78
                                                                                                                    SHA-512:F6DCE9D6D92AC596836A1BFACD77BE202820E72C00F3AD22E4283A884B1158A497B7A4D7E39E8B08125DDD33E54A14DA0680391B95189BA2FCD7EE50DC7098C5
                                                                                                                    Malicious:false
                                                                                                                    Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"3",. . "macros":[{"function":"__e"},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_cross_domain","priority":39,"vtp_rules":["list","pcapp\\.store","pcappstore\\.download"],"tag_id":17},{"function":"__ogt_ga_send","priority":29,"vtp_value":true,"tag_id":19},{"function":"__ogt_referral_exclusion","priority":29,"vtp_includeConditions":["list","veryfast\\.io"],"tag_id":20},{"function":"__ogt_session_timeout","priority":29,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":21},{"function":"__ogt_1p_data_v2","priority":29,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR"
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with very long lines (2724), with no line terminators
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):2724
                                                                                                                    Entropy (8bit):5.871431889004393
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:Ego2eJJn6IzUtJQSc8aQqSG4v/q7SWWdCEqjWkt08THpSd05WPCVb56yKnqy:aJd6SUtJfNrVlCWWWdtqjZfJSO5ECV8
                                                                                                                    MD5:5939092679DE088E2197ACB7424B5AE6
                                                                                                                    SHA1:82685E1319CE37D6E8E66F368154792561ECDE45
                                                                                                                    SHA-256:E5AA9D870FE7B253213BA22E1C698787F1BF4176308D71DE89D28102886D8A94
                                                                                                                    SHA-512:EEA9FD94474B4CDAD3AC792B2F616055021D9CC78FF6458BA412E27948E8B7088280E43BE98299B13759A7EC7CEE85A65FB0F825C9B733B938D8317079A698F0
                                                                                                                    Malicious:false
                                                                                                                    URL:https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858128210/?random=1724424969537&cv=11&fst=1724424969537&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:HTML document, ASCII text, with very long lines (62731), with no line terminators
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):62731
                                                                                                                    Entropy (8bit):5.507458030504223
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:bh+VL8jxbWX1kBvIWr55TUaLD+j3kOD8rMCcxE9CLvKX9GO1cx/oqrAJmdnzXDOW:bh+VojxbWX1kBvIWr55TUaLD+j3kOD84
                                                                                                                    MD5:5A3754F745DDEE108CC06C2B238BFF3D
                                                                                                                    SHA1:3632860AF361176116A89911E9C30BD91C5CDFED
                                                                                                                    SHA-256:A9F5D62AB542EE4C4F491F2F81FD23DA64225F6168DD5DAE4B12E60AF606E230
                                                                                                                    SHA-512:CDCFEFD2D2B21A0BC81B5281D151574D2B4D5B0E703B1C38F2CBD497ACF498EACF121936EC75E534F70B504585C2E9B49DEDEF8C2BC1904E0BE445E10C4D65FF
                                                                                                                    Malicious:false
                                                                                                                    URL:https://td.doubleclick.net/td/rul/858128210?random=1724424970523&cv=11&fst=1724424970523&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion
                                                                                                                    Preview:<html><head><meta http-equiv="origin-trial" content="Avh5Ny0XEFCyQ7+oNieXskUrqY8edUzL5/XrwKlGjARQHW4TFRK+jVd5HnDIpY20n5OLHfgU4ku7x48N3uhG/A0AAABxeyJvcmlnaW4iOiJodHRwczovL2RvdWJsZWNsaWNrLm5ldDo0NDMiLCJmZWF0dXJlIjoiUHJpdmFjeVNhbmRib3hBZHNBUElzIiwiZXhwaXJ5IjoxNjk1MTY3OTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0="></head><body><script>var ig_list={"interestGroups":[{"action":0,"expirationTimeInSeconds":2592000,"interestGroupAttributes":{"owner":"https://td.doubleclick.net","name":"4s286493064.1724424970","biddingLogicUrl":"https://td.doubleclick.net/td/bjs","dailyUpdateUrl":"https://td.doubleclick.net/td/update?ig_name=4s286493064.1724424970\u0026tag_eid=44805664","trustedBiddingSignalsUrl":"https://td.doubleclick.net/td/bts","trustedBiddingSignalsKeys":["1sNaZJ2A!2sZvAwDA!3sAAptDV5bRNtX","1i44805664"],"userBiddingSignals":[["7904705661","475816165","596093288","7904283812"],null,1724424972275513],"ads":[{"renderUrl":"https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=156786411258\u0026cr_id=6811643260
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):2118
                                                                                                                    Entropy (8bit):4.907323279161229
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:P8LlLU20REEalwVtWMhiiA379OC0WGKwKNHOLRcVIK0:ULtU2A8lwVtW+3ALKczI5
                                                                                                                    MD5:1039640CF0666A1621D55C9E9FA81439
                                                                                                                    SHA1:A7E6A6AB233DAE1776506F2E6C7FD03E46E83EA9
                                                                                                                    SHA-256:4455C2A26901C4D348E194B06B06908C155E6459CF5987984D03848E30964F0C
                                                                                                                    SHA-512:F9324B6C58C51DC3F24BD242EADA7E5565B60E12863EC13F28D883028791AEC7EC5E324298FA0427AD1CD45BDD7260FF0295DC171F24DD0AC3F0203FB6CD0706
                                                                                                                    Malicious:false
                                                                                                                    URL:https://repository.pcapp.store/pcapp/images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg
                                                                                                                    Preview:<svg width="132" height="132" viewBox="0 0 132 132" fill="none" xmlns="http://www.w3.org/2000/svg"><g filter="url(#filter0_d_539_279)"><path d="M16 12.5A4.5 4.5 0 0120.5 8h91a4.5 4.5 0 014.5 4.5v91a4.5 4.5 0 01-4.5 4.5h-91a4.5 4.5 0 01-4.5-4.5v-91z" fill="#fff"/></g><path d="M81.894 54.233H67.64c-.913 0-.913 0-.913-.865V32.733c0-.865 0-.845.85-.966 3.341-.463 6.661-.946 10.002-1.41 3.839-.543 7.657-1.066 11.496-1.59 2.345-.322 4.69-.664 7.014-.986 1.037-.14 1.037-.14 1.037.866v24.6c0 .986 0 .986-1.016.986H81.894zm.021 5.841h14.422c.767 0 .767 0 .767.765v24.963c0 .845 0 .865-.871.745-3.32-.463-6.64-.947-9.94-1.41-2.282-.322-4.586-.624-6.868-.946-2.801-.382-5.603-.785-8.404-1.187-1.204-.161-2.386-.363-3.59-.484-.54-.06-.705-.261-.705-.764.02-4.067.02-8.113.02-12.18v-8.898c0-.463.146-.604.623-.604 4.814.02 9.69 0 14.546 0zm-34.175.001h12.243c.705 0 .705 0 .705.704v19.669c0 .825-.041.825-.892.704-2.47-.342-4.918-.684-7.387-1.026-2.158-.303-4.316-.625-6.454-.927-2.448-.342-4.897-.664-7.345-
                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                    Entropy (8bit):7.2260666255850765
                                                                                                                    TrID:
                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                    File name:tKr6T60C1r.exe
                                                                                                                    File size:120'368 bytes
                                                                                                                    MD5:7a76afaca4af78f671cc47cb7993eecf
                                                                                                                    SHA1:e3db2469e3dfe8d8367b40acd599d0ea9a6ffd20
                                                                                                                    SHA256:f649b1aeeffa6f99f42435e1ad28d7bf7687c545d4c0e2add1b6ac8c871d7133
                                                                                                                    SHA512:b19692f3e4a9bd840792c876f33568d6d136ba87a21d68f3899eae0630d46b9103f6e5173e4cc9be76c1f73d9ee24599b40878571ee949bfa6f4ec0ef125f8be
                                                                                                                    SSDEEP:3072:KbG7N2kDTHUpouDNDheVPzy5n+/mGCKHU1:KbE/HULNcVry5nmw1
                                                                                                                    TLSH:D2C3C05056E0C423D8A24A3079B57E7B8EB6DD2166709E4313107F587E7EF81AB1E3A3
                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j.........
                                                                                                                    Icon Hash:45d44c7192498005
                                                                                                                    Entrypoint:0x40352d
                                                                                                                    Entrypoint Section:.text
                                                                                                                    Digitally signed:true
                                                                                                                    Imagebase:0x400000
                                                                                                                    Subsystem:windows gui
                                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                    Time Stamp:0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC]
                                                                                                                    TLS Callbacks:
                                                                                                                    CLR (.Net) Version:
                                                                                                                    OS Version Major:4
                                                                                                                    OS Version Minor:0
                                                                                                                    File Version Major:4
                                                                                                                    File Version Minor:0
                                                                                                                    Subsystem Version Major:4
                                                                                                                    Subsystem Version Minor:0
                                                                                                                    Import Hash:56a78d55f3f7af51443e58e0ce2fb5f6
                                                                                                                    Signature Valid:true
                                                                                                                    Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                    Signature Validation Error:The operation completed successfully
                                                                                                                    Error Number:0
                                                                                                                    Not Before, Not After
                                                                                                                    • 08/05/2024 02:00:00 14/02/2025 00:59:59
                                                                                                                    Subject Chain
                                                                                                                    • CN=FAST CORPORATION LTD, O=FAST CORPORATION LTD, L=Ra'anana, C=IL, SERIALNUMBER=515636181, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL
                                                                                                                    Version:3
                                                                                                                    Thumbprint MD5:04786BD703B906E22AECB2AD38CE4D94
                                                                                                                    Thumbprint SHA-1:07BE42727905BE32C822A638502C1B8FAAE6540A
                                                                                                                    Thumbprint SHA-256:FDB017BB88E5D453E22A73810690C72534F58EFB109EA0D4494EC393F2307DBC
                                                                                                                    Serial:0E5C655E1CBE9A8879372F58A5BC0302
                                                                                                                    Instruction
                                                                                                                    push ebp
                                                                                                                    mov ebp, esp
                                                                                                                    sub esp, 000003F4h
                                                                                                                    push ebx
                                                                                                                    push esi
                                                                                                                    push edi
                                                                                                                    push 00000020h
                                                                                                                    pop edi
                                                                                                                    xor ebx, ebx
                                                                                                                    push 00008001h
                                                                                                                    mov dword ptr [ebp-14h], ebx
                                                                                                                    mov dword ptr [ebp-04h], 0040A2E0h
                                                                                                                    mov dword ptr [ebp-10h], ebx
                                                                                                                    call dword ptr [004080CCh]
                                                                                                                    mov esi, dword ptr [004080D0h]
                                                                                                                    lea eax, dword ptr [ebp-00000140h]
                                                                                                                    push eax
                                                                                                                    mov dword ptr [ebp-0000012Ch], ebx
                                                                                                                    mov dword ptr [ebp-2Ch], ebx
                                                                                                                    mov dword ptr [ebp-28h], ebx
                                                                                                                    mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                                                    call esi
                                                                                                                    test eax, eax
                                                                                                                    jne 00007F9F507F23FAh
                                                                                                                    lea eax, dword ptr [ebp-00000140h]
                                                                                                                    mov dword ptr [ebp-00000140h], 00000114h
                                                                                                                    push eax
                                                                                                                    call esi
                                                                                                                    mov ax, word ptr [ebp-0000012Ch]
                                                                                                                    mov ecx, dword ptr [ebp-00000112h]
                                                                                                                    sub ax, 00000053h
                                                                                                                    add ecx, FFFFFFD0h
                                                                                                                    neg ax
                                                                                                                    sbb eax, eax
                                                                                                                    mov byte ptr [ebp-26h], 00000004h
                                                                                                                    not eax
                                                                                                                    and eax, ecx
                                                                                                                    mov word ptr [ebp-2Ch], ax
                                                                                                                    cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                                                    jnc 00007F9F507F23CAh
                                                                                                                    and word ptr [ebp-00000132h], 0000h
                                                                                                                    mov eax, dword ptr [ebp-00000134h]
                                                                                                                    movzx ecx, byte ptr [ebp-00000138h]
                                                                                                                    mov dword ptr [00434FB8h], eax
                                                                                                                    xor eax, eax
                                                                                                                    mov ah, byte ptr [ebp-0000013Ch]
                                                                                                                    movzx eax, ax
                                                                                                                    or eax, ecx
                                                                                                                    xor ecx, ecx
                                                                                                                    mov ch, byte ptr [ebp-2Ch]
                                                                                                                    movzx ecx, cx
                                                                                                                    shl eax, 10h
                                                                                                                    or eax, ecx
Programming Language:
• [EXP] VC++ 6.0 SP5 build 8804

| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6c000 | 0x4f40 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1acc8 | 0x2968 | .data |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |


| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x6897 | 0x6a00 | ce9df19df15aa7bfbc0a8d0af0b841d0 | False | 0.6661261792452831 | data | 6.458398214928006 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x14a6 | 0x1600 | a118375c929d970903c1204233b7583d | False | 0.4392755681818182 | data | 5.024109281264143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x2b018 | 0x600 | 82a10c59a8679bb952fc8316070b8a6c | False | 0.521484375 | data | 4.15458210408643 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x36000 | 0x36000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x6c000 | 0x4f40 | 0x5000 | 1bd1c8ed7bf3294c8d8325495a85db02 | False | 0.10146484375 | data | 2.760729592452911 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |


| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_ICON | 0x6c208 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2834 x 2834 px/m | English | United States | 0.036372224846480866 |
| RT_DIALOG | 0x70430 | 0x202 | data | English | United States | 0.4085603112840467 |
| RT_DIALOG | 0x70638 | 0xf8 | data | English | United States | 0.6290322580645161 |
| RT_DIALOG | 0x70730 | 0xa0 | data | English | United States | 0.60625 |
| RT_DIALOG | 0x707d0 | 0xee | data | English | United States | 0.6302521008403361 |
| RT_GROUP_ICON | 0x708c0 | 0x14 | data | English | United States | 1.1 |
| RT_VERSION | 0x708d8 | 0x240 | data | English | United States | 0.4878472222222222 |
| RT_MANIFEST | 0x70b18 | 0x423 | XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators | English | United States | 0.5127478753541076 |


| DLL | Import |
| --- | --- |
| ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
| SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
| ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
| COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
| USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
| GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
| KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |


| Language of compilation system | Country where language is spoken |
| --- | --- |
| English | United States |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                    Aug 23, 2024 16:56:12.111210108 CEST1.1.1.1192.168.2.70x705eNo error (0)www.google.com172.217.23.100A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:56:12.112741947 CEST1.1.1.1192.168.2.70x7625No error (0)www.google.com65IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:56:12.358810902 CEST1.1.1.1192.168.2.70x820bNo error (0)repository.pcapp.store1715720427.rsc.cdn77.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:56:12.358810902 CEST1.1.1.1192.168.2.70x820bNo error (0)1715720427.rsc.cdn77.org207.211.211.26A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:56:12.358810902 CEST1.1.1.1192.168.2.70x820bNo error (0)1715720427.rsc.cdn77.org169.150.255.181A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:56:12.358810902 CEST1.1.1.1192.168.2.70x820bNo error (0)1715720427.rsc.cdn77.org212.102.56.179A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:56:12.358810902 CEST1.1.1.1192.168.2.70x820bNo error (0)1715720427.rsc.cdn77.org37.19.194.81A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:56:12.358810902 CEST1.1.1.1192.168.2.70x820bNo error (0)1715720427.rsc.cdn77.org169.150.255.183A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:56:12.358810902 CEST1.1.1.1192.168.2.70x820bNo error (0)1715720427.rsc.cdn77.org195.181.175.40A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:56:12.358810902 CEST1.1.1.1192.168.2.70x820bNo error (0)1715720427.rsc.cdn77.org195.181.170.19A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:56:12.363368988 CEST1.1.1.1192.168.2.70xca4eNo error (0)repository.pcapp.store1715720427.rsc.cdn77.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:56:12.404395103 CEST1.1.1.1192.168.2.70x86d5No error (0)googleads.g.doubleclick.net142.250.74.194A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:56:12.404407978 CEST1.1.1.1192.168.2.70x4fe4No error (0)googleads.g.doubleclick.net65IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:56:13.360878944 CEST1.1.1.1192.168.2.70xc5b8No error (0)www.google.com216.58.212.164A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:56:13.361717939 CEST1.1.1.1192.168.2.70x4382No error (0)www.google.com65IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:57:10.614923000 CEST1.1.1.1192.168.2.70xe629No error (0)pcapp.store159.223.126.41A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:57:10.614923000 CEST1.1.1.1192.168.2.70xe629No error (0)pcapp.store64.176.203.93A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:57:10.614923000 CEST1.1.1.1192.168.2.70xe629No error (0)pcapp.store209.222.21.115A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:57:10.614923000 CEST1.1.1.1192.168.2.70xe629No error (0)pcapp.store207.246.91.177A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:57:10.614923000 CEST1.1.1.1192.168.2.70xe629No error (0)pcapp.store104.248.126.225A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:57:10.614923000 CEST1.1.1.1192.168.2.70xe629No error (0)pcapp.store167.99.235.203A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:57:10.614923000 CEST1.1.1.1192.168.2.70xe629No error (0)pcapp.store45.32.1.23A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:57:57.165771961 CEST1.1.1.1192.168.2.70x6b60No error (0)d74queuslupub.cloudfront.net18.173.205.111A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:57:57.165771961 CEST1.1.1.1192.168.2.70x6b60No error (0)d74queuslupub.cloudfront.net18.173.205.117A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:57:57.165771961 CEST1.1.1.1192.168.2.70x6b60No error (0)d74queuslupub.cloudfront.net18.173.205.24A (IP address)IN (0x0001)false
                                                                                                                    Aug 23, 2024 16:57:57.165771961 CEST1.1.1.1192.168.2.70x6b60No error (0)d74queuslupub.cloudfront.net18.173.205.91A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.7 | 49705 | 20.190.159.68 | 443
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:55:57 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
Connection: Keep-Alive
Content-Type: application/soap+xml
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
Content-Length: 3592
Host: login.live.com
2024-08-23 14:55:57 UTC | 3592 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-08-23 14:55:57 UTC | 568 | IN | HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/soap+xml; charset=utf-8
Expires: Fri, 23 Aug 2024 14:54:57 GMT
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C531_BL2
x-ms-request-id: 40c6886f-e378-4a44-87ac-9fd772a3068b
PPServer: PPV: 30 H: BL02EPF0001D820 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Date: Fri, 23 Aug 2024 14:55:57 GMT
Connection: close
Content-Length: 1276
2024-08-23 14:55:57 UTC | 1276 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port
1 | 192.168.2.7 | 49706 | 20.190.159.68 | 443
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:55:58 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
Connection: Keep-Alive
Content-Type: application/soap+xml
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
Content-Length: 3592
Host: login.live.com
2024-08-23 14:55:58 UTC | 3592 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-08-23 14:55:58 UTC | 568 | IN | HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/soap+xml; charset=utf-8
Expires: Fri, 23 Aug 2024 14:54:58 GMT
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C531_BAY
x-ms-request-id: 93f4634b-6970-4667-b0d0-0fed715c8c41
PPServer: PPV: 30 H: PH1PEPF00011EBF V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Date: Fri, 23 Aug 2024 14:55:58 GMT
Connection: close
Content-Length: 1276
2024-08-23 14:55:58 UTC | 1276 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port
2 | 192.168.2.7 | 49707 | 20.190.159.68 | 443
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:55:58 UTC | 446 | OUT | POST /ppsecure/deviceaddcredential.srf HTTP/1.0
Connection: Keep-Alive
Content-Type: application/soap+xml
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
Content-Length: 7642
Host: login.live.com
2024-08-23 14:55:58 UTC | 7642 | OUT | Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02tohsuiptsdryoc</Membername><Password>KCC%,fGo3!Fpq.j,CulC</Password></Authentication><OldMembername>02qtltntcbrequaj</OldM
2024-08-23 14:56:00 UTC | 542 | IN | HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/xml
Expires: Fri, 23 Aug 2024 14:54:58 GMT
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C526_BAY
x-ms-request-id: 371b6d9e-02e5-44fc-8e95-ef7bf37c0fe7
PPServer: PPV: 30 H: PH1PEPF00011CB2 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Date: Fri, 23 Aug 2024 14:55:59 GMT
Connection: close
Content-Length: 17166
2024-08-23 14:56:00 UTC | 15842 | IN | Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>0018800F28405BCB</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="b2754e23-6164-4ea5-9d08-3d6fe04f7114" LicenseID="3252b20c-d425-4711
2024-08-23 14:56:00 UTC | 1324 | IN | Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf


                                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                    3192.168.2.74970820.190.159.68443
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-08-23 14:56:01 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Content-Type: application/soap+xml
                                                                                                                    Accept: */*
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                    Content-Length: 3592
                                                                                                                    Host: login.live.com
                                                                                                                    2024-08-23 14:56:01 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                    2024-08-23 14:56:02 UTC | 653 | IN | HTTP/1.1 200 OK
                                                                                                                    Cache-Control: no-store, no-cache
                                                                                                                    Pragma: no-cache
                                                                                                                    Content-Type: application/soap+xml; charset=utf-8
                                                                                                                    Expires: Fri, 23 Aug 2024 14:55:01 GMT
                                                                                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                    FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30345.1
                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                    x-ms-route-info: C501_BAY
                                                                                                                    x-ms-request-id: e5b25908-81fc-4980-a68d-2876dc4033da
                                                                                                                    PPServer: PPV: 30 H: PH1PEPF00011CB0 V: 0
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:01 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 11389
                                                                                                                    2024-08-23 14:56:02 UTC | 11389 | IN
                                                                                                                    Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    4 | 192.168.2.7 | 49709 | 45.32.1.234 | 443 | 7700 | C:\Users\user\Desktop\tKr6T60C1r.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:01 UTC | 260 | OUT | POST /inst_cpg.php?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&version=fa.1091q&src=pcapp_mini&uc=16le HTTP/1.1
                                                                                                                    Content-Type: application/json
                                                                                                                    User-Agent: NSIS_wininet
                                                                                                                    Host: pcapp.store
                                                                                                                    Content-Length: 3640
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-08-23 14:56:01 UTC | 3640 | OUT
                                                                                                                    Data Ascii: {"system_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003105718%2E000000%2B120","os_processes":"103","os_
                                                                                                                    2024-08-23 14:56:01 UTC | 509 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:01 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:56:01 UTC | 229 | IN
                                                                                                                    Data Ascii: da{"cpg":"default","inst_excl":null,"inst_addon":{"eula":"skipped"},"inst_advanced":{"path":"1","startup":"1"}}0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    5 | 192.168.2.7 | 49710 | 45.32.1.234 | 443 | 7700 | C:\Users\user\Desktop\tKr6T60C1r.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:02 UTC | 264 | OUT | GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_mini_installer&evt_action=show_page&p=wel&_fcid=1719416423291719 HTTP/1.1
                                                                                                                    User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-08-23 14:56:02 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:02 GMT
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Length: 42
                                                                                                                    Connection: close
                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:56:02 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                    6 | 192.168.2.7 | 49711 | 20.190.159.68 | 443
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:02 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Content-Type: application/soap+xml
                                                                                                                    Accept: */*
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                    Content-Length: 3592
                                                                                                                    Host: login.live.com
                                                                                                                    2024-08-23 14:56:02 UTC | 3592 | OUT
                                                                                                                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                    2024-08-23 14:56:03 UTC | 653 | IN | HTTP/1.1 200 OK
                                                                                                                    Cache-Control: no-store, no-cache
                                                                                                                    Pragma: no-cache
                                                                                                                    Content-Type: application/soap+xml; charset=utf-8
                                                                                                                    Expires: Fri, 23 Aug 2024 14:55:03 GMT
                                                                                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                    FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30345.1
                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                    x-ms-route-info: C501_BAY
                                                                                                                    x-ms-request-id: f12c2653-cfde-4e94-90a1-1c10531c052c
                                                                                                                    PPServer: PPV: 30 H: PH1PEPF00011CB6 V: 0
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:02 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 11389
                                                                                                                    2024-08-23 14:56:03 UTC | 11389 | IN
                                                                                                                    Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                    7 | 192.168.2.7 | 49712 | 20.190.159.68 | 443
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:04 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Content-Type: application/soap+xml
                                                                                                                    Accept: */*
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                    Content-Length: 4710
                                                                                                                    Host: login.live.com
                                                                                                                    2024-08-23 14:56:04 UTC | 4710 | OUT
                                                                                                                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                    2024-08-23 14:56:05 UTC | 656 | IN | HTTP/1.1 200 OK
                                                                                                                    Cache-Control: no-store, no-cache
                                                                                                                    Pragma: no-cache
                                                                                                                    Content-Type: application/soap+xml; charset=utf-8
                                                                                                                    Expires: Fri, 23 Aug 2024 14:55:05 GMT
                                                                                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                    FdrTelemetry: &481=21&59=5&213=292991&215=0&315=1&215=0&315=1&214=30&288=16.0.30345.1
                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                    x-ms-route-info: C501_BAY
                                                                                                                    x-ms-request-id: 32900abb-ac6a-46ac-a935-9f9010f300f9
                                                                                                                    PPServer: PPV: 30 H: PH1PEPF000181B0 V: 0
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:04 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 10173
                                                                                                                    2024-08-23 14:56:05 UTC | 10173 | IN
                                                                                                                    Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                    8 | 192.168.2.7 | 49713 | 20.190.160.20 | 443
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:04 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Content-Type: application/soap+xml
                                                                                                                    Accept: */*
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                    Content-Length: 4775
                                                                                                                    Host: login.live.com
                                                                                                                    2024-08-23 14:56:04 UTC | 4775 | OUT
                                                                                                                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                    2024-08-23 14:56:04 UTC | 568 | IN | HTTP/1.1 200 OK
                                                                                                                    Cache-Control: no-store, no-cache
                                                                                                                    Pragma: no-cache
                                                                                                                    Content-Type: application/soap+xml; charset=utf-8
                                                                                                                    Expires: Fri, 23 Aug 2024 14:55:04 GMT
                                                                                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                    x-ms-route-info: C531_BAY
                                                                                                                    x-ms-request-id: 8dc75043-25f0-4375-9840-d7b343ce5b74
                                                                                                                    PPServer: PPV: 30 H: PH1PEPF00011DE7 V: 0
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:04 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 1918
2024-08-23 14:56:04 UTC | 1918 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 49714 | 45.32.1.23 | 443 | 7700 | C:\Users\user\Desktop\tKr6T60C1r.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:05 UTC | 271 | OUT | GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_mini_installer&evt_action=show_page&p=installing&_fcid=1719416423291719 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
2024-08-23 14:56:05 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Aug 2024 14:56:05 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:56:05 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port
10 | 192.168.2.7 | 49715 | 20.190.160.20 | 443
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:05 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
Connection: Keep-Alive
Content-Type: application/soap+xml
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
Content-Length: 4775
Host: login.live.com
2024-08-23 14:56:05 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-08-23 14:56:06 UTC | 653 | IN | HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/soap+xml; charset=utf-8
Expires: Fri, 23 Aug 2024 14:55:05 GMT
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30345.1
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C501_BAY
x-ms-request-id: c60d7a44-34af-4aeb-8a97-ed67341ccf2d
PPServer: PPV: 30 H: PH1PEPF000181B0 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Date: Fri, 23 Aug 2024 14:56:05 GMT
Connection: close
Content-Length: 11409
2024-08-23 14:56:06 UTC | 11409 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.7 | 49717 | 45.32.1.23 | 443 | 7700 | C:\Users\user\Desktop\tKr6T60C1r.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:05 UTC | 265 | OUT | GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_mini_installer&evt_action=start&permision=&_fcid=1719416423291719 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
2024-08-23 14:56:06 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Aug 2024 14:56:06 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:56:06 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.7 | 49718 | 45.32.1.23 | 443 | 7700 | C:\Users\user\Desktop\tKr6T60C1r.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:07 UTC | 263 | OUT | GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_mini_installer&evt_action=download_start&_fcid=1719416423291719 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
2024-08-23 14:56:07 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Aug 2024 14:56:07 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:56:07 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.7 | 49719 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:07 UTC | 790 | OUT | GET /installing.php?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&winver=19045&version=fa.1091q&nocache=20240823105604.466&_fcid=1719416423291719 HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-08-23 14:56:08 UTC | 645 | IN | HTTP/1.1 307 Temporary Redirect
Server: nginx
Date: Fri, 23 Aug 2024 14:56:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Pragma: no-cache
Location: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:56:08 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.7 | 49724 | 212.102.56.179 | 443 | 7700 | C:\Users\user\Desktop\tKr6T60C1r.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:08 UTC | 186 | OUT | GET /download.php?&src=mini_installer&file=1&mini_ver=fa.1091q HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: delivery.pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
2024-08-23 14:56:08 UTC | 873 | IN | HTTP/1.1 200 OK
Date: Fri, 23 Aug 2024 14:56:08 GMT
Content-Type: application/octet-stream
Content-Length: 93300544
Connection: close
Content-Description: File Transfer
Content-Disposition: attachment; filename="Setup.exe"
Expires: Fri, 23 Aug 2024 15:09:56 GMT
Cache-Control: max-age=900
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-77-NZT: EggB1GY4sQFBDAHUZjgRAfdHAAAA
X-77-NZT-Ray: 1cb09c0ede421f4708a3c866ff67a514
X-Accel-Expires: @1724425797
X-Accel-Date: 1724424897
X-77-Cache: HIT
X-77-Age: 71
Server: CDN77-Turbo
X-Cache: MISS
X-77-POP: frankfurtDE
Accept-Ranges: bytes
                                                                                                                    Data Ascii: y\4uT27?.nq$9Kg0;S}y%cyxJKT-y;u#mt?GwwO^RvvZt.30hUVh8J8k-e>e[z4[%6[Oz0/EpUfXJw(&-+nl7}LT"~Z*Z
                                                                                                                    2024-08-23 14:56:08 UTC16384INData Raw: e7 75 0c 43 9b 4b 0c d4 85 a7 5a 28 f0 89 82 bc d5 42 1c 13 aa 4d 4a 71 51 8a bd 0d 14 08 48 65 09 3c 0e 46 1d 06 d1 2f d4 28 ab 1d 32 2c d7 2d e5 d6 71 7a 08 06 25 b2 e7 d9 1b 2a 60 ed 04 3f de 8c d0 3c 93 9c 7b 51 8a e9 f8 f0 6b e8 90 f8 ee f9 a9 f7 fe 5a e6 f9 66 06 3b 0c d4 6a fd ff e5 20 02 7f 0f e1 ae 51 fa 6e 79 6f f8 99 d4 56 63 e0 2b e9 e7 d6 15 ba 3d 93 23 7e 72 7e 29 2a 53 7d 1b 32 a7 17 9a 76 5d d6 f5 53 50 7a 97 4e 86 3d 4a 2e 3b 37 65 41 bc 18 00 a5 be 24 69 73 04 9f 73 26 4f e3 35 09 e1 83 a9 ef af 06 4b 00 b0 e8 af dd 7e 77 51 50 52 82 07 7a f2 d8 00 e3 c8 69 f7 5b ac ac b4 11 dc 02 c3 a3 22 1d ff 4b 6f 50 e5 f4 41 a8 a2 c7 98 cf e3 6f a6 5a 28 1d 52 c1 d9 6f 2b 72 bc 5c fc 6e 30 df 57 cc 6b 9c 78 02 cc 64 8d 7c 5a f7 5b 75 82 ce b8 fb 1d
                                                                                                                    Data Ascii: uCKZ(BMJqQHe<F/(2,-qz%*`?<{QkZf;j QnyoVc+=#~r~)*S}2v]SPzN=J.;7eA$iss&O5K~wQPRzi["KoPAoZ(Ro+r\n0Wkxd|Z[u
                                                                                                                    2024-08-23 14:56:08 UTC16384INData Raw: 53 b8 93 e0 a3 18 a9 7d 25 e7 d2 d3 b1 53 0d bd 00 4d e1 72 65 0c c0 ef a0 bc cf 51 ea 47 ca 28 fc dc 5b 88 bd 93 87 52 5e 44 12 ad 13 9a 43 29 a9 e3 bb 2b 9d 4a 26 68 81 03 d0 f9 c4 e7 52 22 ad 39 a7 03 07 93 23 8c 08 a6 2f be 5c 22 61 d5 3c 89 30 32 21 76 9d 8f 1e 44 73 06 c1 71 3f 0c b8 ee d2 33 76 39 d1 60 30 3f 01 43 c3 aa cd f4 d5 60 5b 0d e7 de 06 f2 51 05 00 82 42 ad df 1d 4a a2 f2 19 40 f3 ae 9a db 02 f7 50 35 4b 9c 0d 98 68 89 28 c9 a3 b6 87 8d 10 fb 3e 30 fa 35 91 37 98 e3 de e4 d9 10 12 82 d1 08 bc 24 da a7 6f f3 bd 78 d6 49 61 59 0c a1 20 af ac 04 b0 e1 7e a1 19 5d 8d 95 cc 15 18 33 21 7c bf c2 09 a6 8f 39 e0 06 15 24 56 f1 bc 73 dc f8 0b 2a ac a7 64 c1 e1 4b 02 f2 03 de a6 33 56 99 cf 5e 4b b9 43 ca 98 8a 51 a5 0a f6 3e 6b 79 04 0c 31 26 b9
                                                                                                                    Data Ascii: S}%SMreQG([R^DC)+J&hR"9#/\"a<02!vDsq?3v9`0?C`[QBJ@P5Kh(>057$oxIaY ~]3!|9$Vs*dK3V^KCQ>ky1&
                                                                                                                    2024-08-23 14:56:08 UTC16384INData Raw: c8 5b e0 d5 31 12 e9 af 56 2d cd 72 6b c6 43 18 d5 97 86 c1 f4 99 59 67 74 f3 3c 75 24 61 1f ee f0 58 27 01 93 8d 01 a6 8e a4 95 1f 55 af 88 fa 56 4a d5 39 7f 33 e1 cb 51 aa 47 92 35 2a b7 a5 0f f9 71 23 44 43 04 6c 0a e6 91 e3 a5 c2 c5 9b a3 2f 48 14 f3 f4 06 5f 4e f0 c5 eb 17 7a 6e e0 e0 fa 38 a4 99 40 c7 15 8e 26 eb bc 69 f2 0e 9b af 45 1e 05 f4 18 90 59 26 eb 2f 2d 63 9d 6e 38 07 76 78 3e 79 8e 30 df 94 fb 8f 77 38 69 4f 43 d8 dc f2 29 5b 5d 9a 9d 41 24 09 82 42 c8 61 29 ef ea d2 12 af 24 54 87 a1 b0 22 c1 ad df d6 ca 31 90 44 7e 0d 50 7c 11 40 fc 80 ab bf 5f 7c 4c d5 dd 28 f7 5b e9 bf 29 94 8f f7 ee 09 43 91 a3 70 29 28 60 a2 94 0d fc b2 db f2 61 81 aa 69 6e e2 7f 40 4b 55 e0 0b e7 da 4b 7e 0e 44 75 00 bd dc 54 62 99 86 00 67 48 f0 ed 12 6f f5 42 ca
                                                                                                                    Data Ascii: [1V-rkCYgt<u$aX'UVJ93QG5*q#DCl/H_Nzn8@&iEY&/-cn8vx>y0w8iOC)[]A$Ba)$T"1D~P|@_|L([)Cp)(`ain@KUK~DuTbgHoB
                                                                                                                    2024-08-23 14:56:08 UTC16384INData Raw: 92 39 95 9a 53 f8 6a d1 bb f0 50 8c 70 b3 df 76 cb 65 41 e4 70 ef 80 b4 6d 5b 91 bd 86 ff 7b 48 1f da b1 08 8f fa c9 0d 46 d8 5e c4 c1 da 0a 46 80 70 2b 43 ed 02 02 25 2c 0c 69 c0 af 87 6b b9 cf 02 d7 5b 60 03 94 38 33 79 a0 16 67 07 86 91 38 09 2c 84 0a 7f 2d 92 d2 e0 f4 e7 6f 3e 79 b6 3c a3 a1 ef ce 73 06 67 ca cb e4 8f 9c ca b9 80 28 e3 ac 33 9a e9 09 b5 3d 9f 80 1e ac c3 26 88 85 3c d6 33 0c 6a aa 21 95 54 4a f5 3c bb 2a 60 6a e1 c7 82 e6 e0 9a 45 ed d9 d4 cf e8 38 59 8f 8e be 7f 17 c4 75 dd 0e a8 c6 ca a8 fe d4 81 99 ba af 15 ab 6d be 9c a5 6f 23 72 7e 4f 2d 58 87 63 89 1b 09 98 5d e9 b0 83 27 9d 4f 5e 14 6b d3 a4 35 d6 60 6b e6 00 e2 df 94 f9 89 34 19 76 ad 66 a2 60 f8 77 ea 95 d6 a5 1e 2a b8 fc 83 34 9d 4c 10 36 21 9b 96 55 35 6b 6f 7f 64 d7 01 83
                                                                                                                    Data Ascii: 9SjPpveApm[{HF^Fp+C%,ik[`83yg8,-o>y<sg(3=&<3j!TJ<*`jE8Yumo#r~O-Xc]'O^k5`k4vf`w*4L6!U5kod
                                                                                                                    2024-08-23 14:56:08 UTC16384INData Raw: ae be c0 5c db 0f 9d d3 ef d1 42 f0 07 a7 03 b9 ee 25 fb 49 80 ae 3c 79 aa 66 ce 05 fb 15 75 24 6d 96 03 54 de ce 5c 05 32 7c 4a a9 b2 cf ee 50 fe f0 f1 d4 93 9a 85 94 5f 55 40 d3 22 40 1f 74 0a 60 fa d6 30 b9 8c 06 09 00 2a 64 95 49 7b ac de a4 bb 5d 6e 74 b3 83 eb 4c 9a fd cf ea d9 74 20 1a 6b 64 a4 cb 2b a9 e0 fb 98 35 8f b5 d6 82 3b f6 4e 70 b3 70 3d 2b bb 94 02 a1 00 78 e1 12 5f 9a 3c 97 fe 4f 88 5e 86 91 33 bf d0 90 e0 2c d5 74 cb 48 02 16 53 8a a7 10 fb 51 bf f6 9d 1a 76 cd 15 73 54 02 57 02 65 cc 30 a1 dd f8 b4 22 bc c7 44 cc 1b 5a 4c 6b 79 de d4 82 85 86 98 15 ca e1 23 f0 2a ee d5 8a 6b 6c 4a 3c 58 35 f5 67 d6 86 0f b9 6d b3 23 d5 fb 51 05 c5 3b 17 65 5d e2 62 35 20 6d f1 99 d1 97 50 f1 64 b4 fe 82 d5 e8 34 e8 c9 03 df 64 84 af bd a3 c2 6e be d2
                                                                                                                    Data Ascii: \B%I<yfu$mT\2|JP_U@"@t`0*dI{]ntLt kd+5;Npp=+x_<O^3,tHSQvsTWe0"DZLky#*klJ<X5gm#Q;e]b5 mPd4dn


Session ID | Source IP | Source Port | Destination IP | Destination Port
15 | 192.168.2.7 | 49723 | 20.190.160.20 | 443

Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:08 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Content-Type: application/soap+xml
                                                                                                                    Accept: */*
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                    Content-Length: 4775
                                                                                                                    Host: login.live.com
2024-08-23 14:56:08 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-08-23 14:56:08 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                                    Cache-Control: no-store, no-cache
                                                                                                                    Pragma: no-cache
                                                                                                                    Content-Type: application/soap+xml; charset=utf-8
                                                                                                                    Expires: Fri, 23 Aug 2024 14:55:08 GMT
                                                                                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                    x-ms-route-info: C501_BL2
                                                                                                                    x-ms-request-id: 10e7938f-e6be-4b04-92ed-49c82e19a4a8
                                                                                                                    PPServer: PPV: 30 H: BL02EPF0001D809 V: 0
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:08 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 11389
2024-08-23 14:56:08 UTC | 11389 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.7 | 49728 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:08 UTC | 770 | OUT | GET /?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Upgrade-Insecure-Requests: 1
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: navigate
                                                                                                                    Sec-Fetch-User: ?1
                                                                                                                    Sec-Fetch-Dest: document
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-08-23 14:56:08 UTC | 585 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:08 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Set-Cookie: srcr=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:56:08 UTC | 15799 | IN | Data Ascii: 1e3b<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title>APP STORE: Installing</title> <link rel="icon" href="/lp/appstore/img/favicon.ico" />
2024-08-23 14:56:08 UTC | 13663 | IN | Data Ascii: </div> </div> </div> </div> <script src="/src/main_code.js"></script> <script src="/lp/lpd_installing_r2/src/lpd2000_installing_r2.min.js?nocache=1709636059406"></script> <script> /// main.js /// if( typ


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.7 | 49731 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:09 UTC | 709 | OUT | GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.css?nocache=1709636059406 HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Accept: text/css,*/*;q=0.1
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: style
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-08-23 14:56:09 UTC | 350 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:09 GMT
                                                                                                                    Content-Type: text/css
                                                                                                                    Content-Length: 65638
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.7 | 49730 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:09 UTC | 746 | OUT | GET /images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-08-23 14:56:09 UTC | 327 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 23 Aug 2024 14:56:09 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://repository.pcapp.store/pcapp/images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg
Strict-Transport-Security: max-age=31536000; includeSubDomains
2024-08-23 14:56:09 UTC | 162 | IN | Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.7 | 49739 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:10 UTC | 639 | OUT | GET /src/main_code.js HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-08-23 14:56:10 UTC | 364 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Aug 2024 14:56:10 GMT
Content-Type: application/javascript
Content-Length: 12513
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:56:10 UTC | 12513 | IN | Data Ascii: var makePostRequest = function (url, data, callback) { var httpRequest = new XMLHttpRequest(); if (!httpRequest) { console.log("Giving up :( Cannot create an XMLHTTP instance"); return false; } httpRequest.onreadystatechange = function ()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.7 | 49737 | 207.211.211.27 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:10 UTC | 645 | OUT | GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg HTTP/1.1
Host: repository.pcapp.store
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://pcapp.store/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-08-23 14:56:10 UTC | 713 | IN | HTTP/1.1 200 OK
Date: Fri, 23 Aug 2024 14:56:10 GMT
Content-Type: image/svg+xml
Content-Length: 2118
Connection: close
x-amz-id-2: VnXbMdQrMnDZ7RxRcp9Z9nX5AOhWlZ7/zrE6KB6T0/LE6m3Vo4OpWV+2fZVthwSD1SjXgpKMgrE=
x-amz-request-id: 0VTPN0WH96JBTFRZ
Last-Modified: Wed, 28 Feb 2024 14:20:34 GMT
ETag: "1039640cf0666a1621d55c9e9fa81439"
x-amz-server-side-encryption: AES256
x-amz-version-id: TOr7Qz1D1UcT8CbM_PbCtRSNYTOORIzt
X-77-NZT: EggBz9PTGQFBDAHUZjgRAfeN/QMA
X-77-NZT-Ray: 43862e2463a15f890aa3c866a96ec719
X-Accel-Expires: @1725200253
X-Accel-Date: 1724163453
X-77-Cache: HIT
X-77-Age: 261517
Vary: Accept-Encoding
Server: CDN77-Turbo
X-Cache: MISS
X-77-POP: frankfurtDE
Accept-Ranges: bytes
2024-08-23 14:56:10 UTC | 2118 | IN | Data Ascii: <svg width="132" height="132" viewBox="0 0 132 132" fill="none" xmlns="http://www.w3.org/2000/svg"><g filter="url(#filter0_d_539_279)"><path d="M16 12.5A4.5 4.5 0 0120.5 8h91a4.5 4.5 0 014.5 4.5v91a4.5 4.5 0 01-4.5 4.5h-91a4.5 4.5 0 01-4.5-4.5v-91z" fill=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.7 | 49742 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:10 UTC | 694 | OUT | GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.js?nocache=1709636059406 HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-08-23 14:56:10 UTC | 363 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Aug 2024 14:56:10 GMT
Content-Type: application/javascript
Content-Length: 9559
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:56:10 UTC | 9559 | IN | Data Ascii: "use strict";function _typeof(obj) { "@babel/helpers - typeof"; return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (obj) { return typeof obj; } : function (obj) { return obj && "function" == typeof Symbol && ob


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.7 | 49738 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:10 UTC | 733 | OUT | GET /images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://pcapp.store/lp/lpd_installing_r2/src/lpd_installing_r2.min.css?nocache=1709636059406
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1719416423291719
2024-08-23 14:56:10 UTC | 326 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 23 Aug 2024 14:56:10 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://repository.pcapp.store/pcapp/images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg
Strict-Transport-Security: max-age=31536000; includeSubDomains
2024-08-23 14:56:10 UTC | 162 | IN | Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    23192.168.2.749746159.223.126.414438144C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-08-23 14:56:10 UTC417OUTGET /src/main_code.js HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970
                                                                                                                    2024-08-23 14:56:10 UTC | 364 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:10 GMT
                                                                                                                    Content-Type: application/javascript
                                                                                                                    Content-Length: 12513
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:56:10 UTC | 12513 | IN | Data Ascii: var makePostRequest = function (url, data, callback) { var httpRequest = new XMLHttpRequest(); if (!httpRequest) { console.log("Giving up :( Cannot create an XMLHTTP instance"); return false; } httpRequest.onreadystatechange = function ()


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    24 | 192.168.2.7 | 49749 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:11 UTC | 835 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 74
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D
                                                                                                                    2024-08-23 14:56:11 UTC | 74 | OUT | Data Ascii: {"c":"front","a":"trigger","p":{"t":"finishInstallFa","ws":true,"add":{}}}
                                                                                                                    2024-08-23 14:56:11 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:11 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:56:11 UTC | 215 | IN | Data Ascii: cc{"state":"ok","result":"\n gtag('event', 'conversion', {\n 'send_to': 'AW-858128210\/kTaFCIuq0YYZENL-l5kD',\n 'value': 1.0,\n 'currency': 'USD',\n 'aw_remarketing_only': true\n });"}0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    25 | 192.168.2.7 | 49750 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:11 UTC | 837 | OUT | POST /pixelgif.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 351
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D
                                                                                                                    2024-08-23 14:56:11 UTC | 351 | OUT | Data Ascii: {"evt_src":"web","evt_action":"vistype","gpu":"Google, Vulkan 1.3.0 (SwiftShader Device (Subzero) (0x0000C0DE)), SwiftShader driver)","height":1280,"width":1024,"browser":"CH","browserver":117,"os":"10","cookies":1,"memory":8,"zoom":100,"video_input":0,"a
                                                                                                                    2024-08-23 14:56:11 UTC | 498 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:11 GMT
                                                                                                                    Content-Type: image/png
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:56:11 UTC | 106 | IN | Data Ascii: 5fPNGIHDR%VPLTEz=tRNS@fIDATc`!3IENDB`0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    26 | 192.168.2.7 | 49744 | 142.250.186.98 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:11 UTC | 1406 | OUT | GET /td/rul/858128210?random=1724424969537&cv=11&fst=1724424969537&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config HTTP/1.1
                                                                                                                    Host: td.doubleclick.net
                                                                                                                    Connection: keep-alive
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Upgrade-Insecure-Requests: 1
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                    Sec-Fetch-Mode: navigate
                                                                                                                    Sec-Fetch-Dest: iframe
                                                                                                                    Referer: https://pcapp.store/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    2024-08-23 14:56:11 UTC | 785 | IN | HTTP/1.1 200 OK
                                                                                                                    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:11 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Server: cafe
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 23-Aug-2024 15:11:11 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Accept-Ranges: none
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Connection: close
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Data Ascii: !4s*2A","metadata":["163766597928","688766820450",null,"20788079887",null,null,null,null,null,null,"7904283812"],"adRenderId":"oje8D0QNQQc","buyerReportingId":"1j7904283812!4s*2A"},{"renderUrl":"https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597
                                                                                                                    2024-08-23 14:56:11 UTC1390INData Raw: 63 6c 69 63 6b 2e 6e 65 74 2f 74 64 2f 61 64 66 65 74 63 68 2f 67 64 61 3f 61 64 67 5f 69 64 3d 31 35 36 37 38 36 34 31 31 32 35 38 5c 75 30 30 32 36 63 72 5f 69 64 3d 36 38 32 32 33 39 32 33 34 32 31 32 5c 75 30 30 32 36 63 76 5f 69 64 3d 30 5c 75 30 30 32 36 66 6f 72 6d 61 74 3d 24 7b 41 44 5f 57 49 44 54 48 7d 78 24 7b 41 44 5f 48 45 49 47 48 54 7d 5c 75 30 30 32 36 72 64 73 3d 24 7b 52 45 4e 44 45 52 5f 44 41 54 41 7d 5c 75 30 30 32 36 73 65 61 74 3d 32 5c 75 30 30 32 36 72 70 5f 69 64 3d 72 31 6a 37 39 30 34 32 38 33 38 31 32 21 34 73 2a 32 41 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 5b 22 31 35 36 37 38 36 34 31 31 32 35 38 22 2c 22 36 38 32 32 33 39 32 33 34 32 31 32 22 2c 6e 75 6c 6c 2c 22 32 30 37 38 38 30 37 39 38 38 37 22 2c 6e 75 6c 6c 2c 6e 75
                                                                                                                    Data Ascii: click.net/td/adfetch/gda?adg_id=156786411258\u0026cr_id=682239234212\u0026cv_id=0\u0026format=${AD_WIDTH}x${AD_HEIGHT}\u0026rds=${RENDER_DATA}\u0026seat=2\u0026rp_id=r1j7904283812!4s*2A","metadata":["156786411258","682239234212",null,"20788079887",null,nu
                                                                                                                    2024-08-23 14:56:11 UTC1390INData Raw: 38 38 37 39 35 31 37 35 30 31 39 22 2c 6e 75 6c 6c 2c 22 32 30 37 38 38 30 37 39 38 38 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 34 37 35 38 31 36 31 36 35 22 5d 2c 22 61 64 52 65 6e 64 65 72 49 64 22 3a 22 57 31 4e 50 45 67 45 58 6a 52 67 22 2c 22 62 75 79 65 72 52 65 70 6f 72 74 69 6e 67 49 64 22 3a 22 31 6a 34 37 35 38 31 36 31 36 35 21 34 73 2a 32 41 22 7d 2c 7b 22 72 65 6e 64 65 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 74 64 73 66 2e 64 6f 75 62 6c 65 63 6c 69 63 6b 2e 6e 65 74 2f 74 64 2f 61 64 66 65 74 63 68 2f 67 64 61 3f 61 64 67 5f 69 64 3d 31 35 38 39 34 32 38 36 30 30 37 38 5c 75 30 30 32 36 63 72 5f 69 64 3d 36 38 38 38 35 37 31 31 37 35 36 33 5c 75 30 30 32 36 63 76 5f 69 64 3d
                                                                                                                    Data Ascii: 88795175019",null,"20788079887",null,null,null,null,null,null,"475816165"],"adRenderId":"W1NPEgEXjRg","buyerReportingId":"1j475816165!4s*2A"},{"renderUrl":"https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=158942860078\u0026cr_id=688857117563\u0026cv_id=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.7 | 49745 | 142.250.186.98 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:11 UTC | 1404 | OUT | GET /td/rul/858128210?random=1724424969591&cv=11&fst=1724424969591&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view HTTP/1.1
                                                                                                                    Host: td.doubleclick.net
                                                                                                                    Connection: keep-alive
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Upgrade-Insecure-Requests: 1
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                    Sec-Fetch-Mode: navigate
                                                                                                                    Sec-Fetch-Dest: iframe
                                                                                                                    Referer: https://pcapp.store/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-08-23 14:56:11 UTC | 785 | IN | HTTP/1.1 200 OK
                                                                                                                    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:11 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Server: cafe
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 23-Aug-2024 15:11:11 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Accept-Ranges: none
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Connection: close
                                                                                                                    Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.7 | 49751 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:11 UTC | 835 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D
2024-08-23 14:56:11 UTC | 96 | OUT | Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
2024-08-23 14:56:11 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:11 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:56:11 UTC | 44 | IN | Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.7 | 49747 | 207.211.211.27 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:11 UTC | 710 | OUT | GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg HTTP/1.1
                                                                                                                    Host: repository.pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                    Sec-Fetch-Site: same-site
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                    Referer: https://pcapp.store/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970
2024-08-23 14:56:11 UTC | 713 | IN | HTTP/1.1 200 OK
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:11 GMT
                                                                                                                    Content-Type: image/svg+xml
                                                                                                                    Content-Length: 3592
                                                                                                                    Connection: close
                                                                                                                    x-amz-id-2: 6CM9835YiIa1mEEy2I07UYwG0lrmPbIJN/eABSpwQGYlDP3nrxsKjRzLDFRde2XXY6ICL8ZoD5o=
                                                                                                                    x-amz-request-id: 0VTTJ0T3G6YZKFQX
                                                                                                                    Last-Modified: Mon, 04 Mar 2024 09:39:52 GMT
                                                                                                                    ETag: "0ffc071bc5af33d2be224cf147670471"
                                                                                                                    x-amz-server-side-encryption: AES256
                                                                                                                    x-amz-version-id: nJOeS_LpKZ1Wvwro1OOF_QoPQBn9qYBO
                                                                                                                    X-77-NZT: EggBz9PTGQFBDAElE8I0Afe8/QMA
                                                                                                                    X-77-NZT-Ray: 43862e2483a96cb00ba3c866e135a112
                                                                                                                    X-Accel-Expires: @1725200207
                                                                                                                    X-Accel-Date: 1724163407
                                                                                                                    X-77-Cache: HIT
                                                                                                                    X-77-Age: 261564
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Server: CDN77-Turbo
                                                                                                                    X-Cache: MISS
                                                                                                                    X-77-POP: frankfurtDE
                                                                                                                    Accept-Ranges: bytes
2024-08-23 14:56:11 UTC | 3592 | IN | Data Ascii: <svg width="107" height="109" viewBox="0 0 107 109" fill="none" xmlns="http://www.w3.org/2000/svg"><g filter="url(#filter0_d_539_286)"><path d="M78.856 41.614c.048-.048.096-.048.096-.096.048-.048.048-.096.048-.143v-.192c0-.096-.048-.144-.096-.24a.84.84 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.7 | 49748 | 142.250.185.162 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:11 UTC | 1282 | OUT | GET /pagead/viewthroughconversion/858128210/?random=1724424969537&cv=11&fst=1724424969537&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
                                                                                                                    Host: googleads.g.doubleclick.net
                                                                                                                    Connection: keep-alive
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Accept: */*
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: script
                                                                                                                    Referer: https://pcapp.store/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-08-23 14:56:11 UTC | 842 | IN | HTTP/1.1 200 OK
                                                                                                                    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:11 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                    Content-Type: text/javascript; charset=UTF-8
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                    Server: cafe
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 23-Aug-2024 15:11:11 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Accept-Ranges: none
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Connection: close
                                                                                                                    Transfer-Encoding: chunked
2024-08-23 14:56:11 UTC | 548 | IN | Data Ascii: aa4(function(){var s = {};(function(){var e={};/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var f=this||self;var g,k;a:{for(var l=["CLOSURE_FLAGS"],p=f,q=0;q<l.length;q++)if(p=p[l[q]],p==null){k=null;break a}k=p}var
2024-08-23 14:56:11 UTC | 1390 | IN | Data Ascii: g?!!t&&t.brands.length>0:!1}function z(){return y()?w("Chromium"):(x("Chrome")||x("CriOS"))&&!(y()?0:x("Edge"))||x("Silk")};!x("Android")||z();z();!x("Safari")||z()||(y()?0:x("Coast"))||(y()?0:x("Opera"))||(y()?0:x("Edge"))||(y()?w("Microsoft Edge"):x("E
2024-08-23 14:56:11 UTC | 793 | IN | Data Ascii: 1\x26dma\x3d0\x26tag_exp\x3d0\x26u_w\x3d1280\x26u_h\x3d1024\x26url\x3dhttps%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q\x26hn\x3dwww.googlea
2024-08-23 14:56:11 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.7 | 49755 | 142.250.185.162 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:11 UTC | 1280 | OUT | GET /pagead/viewthroughconversion/858128210/?random=1724424969591&cv=11&fst=1724424969591&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=4 HTTP/1.1
                                                                                                                    Host: googleads.g.doubleclick.net
                                                                                                                    Connection: keep-alive
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Accept: */*
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: script
                                                                                                                    Referer: https://pcapp.store/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-08-23 14:56:11 UTC | 842 | IN | HTTP/1.1 200 OK
                                                                                                                    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:11 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                    Content-Type: text/javascript; charset=UTF-8
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                    Server: cafe
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 23-Aug-2024 15:11:11 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Accept-Ranges: none
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Connection: close
                                                                                                                    Transfer-Encoding: chunked
2024-08-23 14:56:11 UTC | 548 | IN | Data Ascii: aa2(function(){var s = {};(function(){var e={};/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var f=this||self;var g,k;a:{for(var l=["CLOSURE_FLAGS"],p=f,q=0;q<l.length;q++)if(p=p[l[q]],p==null){k=null;break a}k=p}var
2024-08-23 14:56:11 UTC | 1390 | IN | Data Ascii: g?!!t&&t.brands.length>0:!1}function z(){return y()?w("Chromium"):(x("Chrome")||x("CriOS"))&&!(y()?0:x("Edge"))||x("Silk")};!x("Android")||z();z();!x("Safari")||z()||(y()?0:x("Coast"))||(y()?0:x("Opera"))||(y()?0:x("Edge"))||(y()?w("Microsoft Edge"):x("E
2024-08-23 14:56:11 UTC | 791 | IN | Data Ascii: 1\x26dma\x3d0\x26tag_exp\x3d0\x26u_w\x3d1280\x26u_h\x3d1024\x26url\x3dhttps%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q\x26hn\x3dwww.googlea
2024-08-23 14:56:11 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.7 | 49754 | 216.58.212.142 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:11 UTC | 949 | OUT | POST /ccm/form-data/858128210?gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&npa=0&frm=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&em=tv.1 HTTP/1.1
                                                                                                                    Host: google.com
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 0
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-08-23 14:56:11 UTC | 445 | IN | HTTP/1.1 204 No Content
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:11 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Content-Type: text/plain
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Server: Golfe2
                                                                                                                    Content-Length: 0
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.7 | 49758 | 216.239.38.181 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:11 UTC | 1295 | OUT | POST /g/collect?v=2&tid=G-VFQWFX3X1C&gtm=45je48l0v898645365za200zb9103256652&_p=1724424969048&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=1878683437.1724424970&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1724424970&sct=1&seg=0&dl=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&dt=APP%20STORE%3A%20Installing&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=5157 HTTP/1.1
                                                                                                                    Host: analytics.google.com
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 0
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-08-23 14:56:11 UTC | 445 | IN | HTTP/1.1 204 No Content
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:11 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Content-Type: text/plain
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Server: Golfe2
                                                                                                                    Content-Length: 0
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.7 | 49759 | 66.102.1.154 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:12 UTC | 798 | OUT | POST /g/collect?v=2&tid=G-VFQWFX3X1C&cid=1878683437.1724424970&gtm=45je48l0v898645365za200zb9103256652&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=0 HTTP/1.1
                                                                                                                    Host: stats.g.doubleclick.net
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 0
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-08-23 14:56:12 UTC | 445 | IN | HTTP/1.1 204 No Content
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:12 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Content-Type: text/plain
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Server: Golfe2
                                                                                                                    Content-Length: 0
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.7 | 49760 | 142.250.186.98 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:12 UTC | 940 | OUT | GET /td/ga/rul?tid=G-VFQWFX3X1C&gacid=1878683437.1724424970&gtm=45je48l0v898645365za200zb9103256652&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=1303857156 HTTP/1.1
                                                                                                                    Host: td.doubleclick.net
                                                                                                                    Connection: keep-alive
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Upgrade-Insecure-Requests: 1
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                    Sec-Fetch-Mode: navigate
                                                                                                                    Sec-Fetch-Dest: iframe
                                                                                                                    Referer: https://pcapp.store/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-08-23 14:56:12 UTC | 785 | IN | HTTP/1.1 200 OK
                                                                                                                    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:12 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Server: cafe
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 23-Aug-2024 15:11:12 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Accept-Ranges: none
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Connection: close
                                                                                                                    Transfer-Encoding: chunked
2024-08-23 14:56:12 UTC | 18 | IN | Data Raw: 64 0d 0a 3c 68 74 6d 6c 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                    Data Ascii: d<html></html>
2024-08-23 14:56:12 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.7 | 49761 | 216.58.212.142 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:12 UTC | 976 | OUT | POST /ccm/form-data/858128210?gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&label=kTaFCIuq0YYZENL-l5kD&npa=0&frm=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&em=tv.1 HTTP/1.1
                                                                                                                    Host: google.com
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 0
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-08-23 14:56:12 UTC | 445 | IN | HTTP/1.1 204 No Content
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:12 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Content-Type: text/plain
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Server: Golfe2
                                                                                                                    Content-Length: 0
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.7 | 49762 | 142.250.185.162 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:12 UTC | 1334 | OUT | GET /pagead/viewthroughconversion/858128210/?random=1724424970523&cv=11&fst=1724424970523&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=4 HTTP/1.1
                                                                                                                    Host: googleads.g.doubleclick.net
                                                                                                                    Connection: keep-alive
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Accept: */*
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: script
                                                                                                                    Referer: https://pcapp.store/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-08-23 14:56:12 UTC | 842 | IN | HTTP/1.1 200 OK
                                                                                                                    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:12 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                    Content-Type: text/javascript; charset=UTF-8
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                    Server: cafe
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 23-Aug-2024 15:11:12 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Accept-Ranges: none
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Connection: close
                                                                                                                    Transfer-Encoding: chunked


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    38 | 192.168.2.7 | 49763 | 142.250.186.98 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:12 UTC | 1458 | OUT | GET /td/rul/858128210?random=1724424970523&cv=11&fst=1724424970523&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion HTTP/1.1
                                                                                                                    Host: td.doubleclick.net
                                                                                                                    Connection: keep-alive
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Upgrade-Insecure-Requests: 1
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                    Sec-Fetch-Mode: navigate
                                                                                                                    Sec-Fetch-Dest: iframe
                                                                                                                    Referer: https://pcapp.store/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    2024-08-23 14:56:12 UTC | 785 | IN | HTTP/1.1 200 OK
                                                                                                                    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:12 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Server: cafe
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 23-Aug-2024 15:11:12 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Accept-Ranges: none
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Connection: close
                                                                                                                    Transfer-Encoding: chunked


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    39 | 192.168.2.7 | 49765 | 172.217.23.100 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:12 UTC | 1410 | OUT | GET /pagead/1p-user-list/858128210/?random=1724424969537&cv=11&fst=1724421600000&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnf2QnO69JuSpJOjcdLHG8WwuMV4pIhNw&random=1977167486&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                    Host: www.google.com
                                                                                                                    Connection: keep-alive
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                    Referer: https://pcapp.store/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    2024-08-23 14:56:13 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                    P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:12 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Server: cafe
                                                                                                                    Content-Length: 42
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close
                                                                                                                    2024-08-23 14:56:13 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    40 | 192.168.2.7 | 49764 | 172.217.23.100 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:12 UTC | 1408 | OUT | GET /pagead/1p-user-list/858128210/?random=1724424969591&cv=11&fst=1724421600000&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfTy1eGfkXubi08cauBmi63_0jv8nCaQ&random=4069214680&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                    Host: www.google.com
                                                                                                                    Connection: keep-alive
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                    Referer: https://pcapp.store/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    2024-08-23 14:56:13 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                    P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:12 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Server: cafe
                                                                                                                    Content-Length: 42
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close
                                                                                                                    2024-08-23 14:56:13 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    41 | 192.168.2.7 | 49767 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:12 UTC | 603 | OUT | GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.js?nocache=1709636059406 HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:56:12 UTC | 363 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:12 GMT
                                                                                                                    Content-Type: application/javascript
                                                                                                                    Content-Length: 9559
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:56:12 UTC9559INData Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 0a 0a 66 75 6e 63 74 69 6f 6e 20 5f 74 79 70 65 6f 66 28 6f 62 6a 29 20 7b 20 22 40 62 61 62 65 6c 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 20 72 65 74 75 72 6e 20 5f 74 79 70 65 6f 66 20 3d 20 22 66 75 6e 63 74 69 6f 6e 22 20 3d 3d 20 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 20 26 26 20 22 73 79 6d 62 6f 6c 22 20 3d 3d 20 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 20 3f 20 66 75 6e 63 74 69 6f 6e 20 28 6f 62 6a 29 20 7b 20 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 6f 62 6a 3b 20 7d 20 3a 20 66 75 6e 63 74 69 6f 6e 20 28 6f 62 6a 29 20 7b 20 72 65 74 75 72 6e 20 6f 62 6a 20 26 26 20 22 66 75 6e 63 74 69 6f 6e 22 20 3d 3d 20 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 20 26 26 20 6f 62
                                                                                                                    Data Ascii: "use strict";function _typeof(obj) { "@babel/helpers - typeof"; return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (obj) { return typeof obj; } : function (obj) { return obj && "function" == typeof Symbol && ob


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    42 | 192.168.2.7 | 49771 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:12 UTC | 544 | OUT | GET /pixelgif.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:56:13 UTC | 448 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:12 GMT
                                                                                                                    Content-Type: image/png
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:56:13 UTC | 106 | IN | Data Raw: 35 66 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 0a 49 44 41 54 08 d7 63 60 00 00 00 02 00 01 e2 21 bc 33 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 5fPNGIHDR%VPLTEz=tRNS@fIDATc`!3IENDB`0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    43 | 192.168.2.7 | 49770 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:12 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:56:13 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:12 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    2024-08-23 14:56:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    44 | 192.168.2.7 | 49772 | 207.211.211.26 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:13 UTC | 612 | OUT | GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg HTTP/1.1
                                                                                                                    Host: repository.pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:56:13 UTC | 713 | IN | HTTP/1.1 200 OK
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:13 GMT
                                                                                                                    Content-Type: image/svg+xml
                                                                                                                    Content-Length: 2118
                                                                                                                    Connection: close
                                                                                                                    x-amz-id-2: VnXbMdQrMnDZ7RxRcp9Z9nX5AOhWlZ7/zrE6KB6T0/LE6m3Vo4OpWV+2fZVthwSD1SjXgpKMgrE=
                                                                                                                    x-amz-request-id: 0VTPN0WH96JBTFRZ
                                                                                                                    Last-Modified: Wed, 28 Feb 2024 14:20:34 GMT
                                                                                                                    ETag: "1039640cf0666a1621d55c9e9fa81439"
                                                                                                                    x-amz-server-side-encryption: AES256
                                                                                                                    x-amz-version-id: TOr7Qz1D1UcT8CbM_PbCtRSNYTOORIzt
                                                                                                                    X-77-NZT: EggBz9PTGQFBDAHUZjgRAfeQ/QMA
                                                                                                                    X-77-NZT-Ray: 43862e24ba9fb4070da3c8669cc49319
                                                                                                                    X-Accel-Expires: @1725200253
                                                                                                                    X-Accel-Date: 1724163453
                                                                                                                    X-77-Cache: HIT
                                                                                                                    X-77-Age: 261520
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Server: CDN77-Turbo
                                                                                                                    X-Cache: MISS
                                                                                                                    X-77-POP: frankfurtDE
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    2024-08-23 14:56:13 UTC2118INData Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 31 33 32 22 20 68 65 69 67 68 74 3d 22 31 33 32 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 33 32 20 31 33 32 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 3c 67 20 66 69 6c 74 65 72 3d 22 75 72 6c 28 23 66 69 6c 74 65 72 30 5f 64 5f 35 33 39 5f 32 37 39 29 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 36 20 31 32 2e 35 41 34 2e 35 20 34 2e 35 20 30 20 30 31 32 30 2e 35 20 38 68 39 31 61 34 2e 35 20 34 2e 35 20 30 20 30 31 34 2e 35 20 34 2e 35 76 39 31 61 34 2e 35 20 34 2e 35 20 30 20 30 31 2d 34 2e 35 20 34 2e 35 68 2d 39 31 61 34 2e 35 20 34 2e 35 20 30 20 30 31 2d 34 2e 35 2d 34 2e 35 76 2d 39 31 7a 22 20 66 69 6c 6c 3d
                                                                                                                    Data Ascii: <svg width="132" height="132" viewBox="0 0 132 132" fill="none" xmlns="http://www.w3.org/2000/svg"><g filter="url(#filter0_d_539_279)"><path d="M16 12.5A4.5 4.5 0 0120.5 8h91a4.5 4.5 0 014.5 4.5v91a4.5 4.5 0 01-4.5 4.5h-91a4.5 4.5 0 01-4.5-4.5v-91z" fill=


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    45 | 192.168.2.7 | 49768 | 207.211.211.26 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:13 UTC | 611 | OUT | GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg HTTP/1.1
                                                                                                                    Host: repository.pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:56:13 UTC | 713 | IN | HTTP/1.1 200 OK
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:13 GMT
                                                                                                                    Content-Type: image/svg+xml
                                                                                                                    Content-Length: 3592
                                                                                                                    Connection: close
                                                                                                                    x-amz-id-2: 6CM9835YiIa1mEEy2I07UYwG0lrmPbIJN/eABSpwQGYlDP3nrxsKjRzLDFRde2XXY6ICL8ZoD5o=
                                                                                                                    x-amz-request-id: 0VTTJ0T3G6YZKFQX
                                                                                                                    Last-Modified: Mon, 04 Mar 2024 09:39:52 GMT
                                                                                                                    ETag: "0ffc071bc5af33d2be224cf147670471"
                                                                                                                    x-amz-server-side-encryption: AES256
                                                                                                                    x-amz-version-id: nJOeS_LpKZ1Wvwro1OOF_QoPQBn9qYBO
                                                                                                                    X-77-NZT: EggBz9PTGQFBDAElE8I0Afe+/QMA
                                                                                                                    X-77-NZT-Ray: 43862e24939ea6070da3c86619f2e919
                                                                                                                    X-Accel-Expires: @1725200207
                                                                                                                    X-Accel-Date: 1724163407
                                                                                                                    X-77-Cache: HIT
                                                                                                                    X-77-Age: 261566
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Server: CDN77-Turbo
                                                                                                                    X-Cache: MISS
                                                                                                                    X-77-POP: frankfurtDE
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    2024-08-23 14:56:13 UTC3592INData Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 31 30 37 22 20 68 65 69 67 68 74 3d 22 31 30 39 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 37 20 31 30 39 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 3c 67 20 66 69 6c 74 65 72 3d 22 75 72 6c 28 23 66 69 6c 74 65 72 30 5f 64 5f 35 33 39 5f 32 38 36 29 22 3e 3c 70 61 74 68 20 64 3d 22 4d 37 38 2e 38 35 36 20 34 31 2e 36 31 34 63 2e 30 34 38 2d 2e 30 34 38 2e 30 39 36 2d 2e 30 34 38 2e 30 39 36 2d 2e 30 39 36 2e 30 34 38 2d 2e 30 34 38 2e 30 34 38 2d 2e 30 39 36 2e 30 34 38 2d 2e 31 34 33 76 2d 2e 31 39 32 63 30 2d 2e 30 39 36 2d 2e 30 34 38 2d 2e 31 34 34 2d 2e 30 39 36 2d 2e 32 34 61 2e 38 34 2e 38 34 20 30 20
                                                                                                                    Data Ascii: <svg width="107" height="109" viewBox="0 0 107 109" fill="none" xmlns="http://www.w3.org/2000/svg"><g filter="url(#filter0_d_539_286)"><path d="M78.856 41.614c.048-.048.096-.048.096-.096.048-.048.048-.096.048-.143v-.192c0-.096-.048-.144-.096-.24a.84.84 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.7 | 49775 | 172.217.23.100 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:13 UTC | 1462 | OUT | GET /pagead/1p-user-list/858128210/?random=1724424970523&cv=11&fst=1724421600000&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfHM3PPkg7qVG9o4TAu6nPPRuj6whTBQ&random=2858370071&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                    Host: www.google.com
                                                                                                                    Connection: keep-alive
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                    Referer: https://pcapp.store/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-08-23 14:56:13 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                    P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:13 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Server: cafe
                                                                                                                    Content-Length: 42
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close
                                                                                                                    2024-08-23 14:56:13 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.7 | 49774 | 142.250.74.194 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:13 UTC | 1151 | OUT | GET /pagead/viewthroughconversion/858128210/?random=1724424969537&cv=11&fst=1724424969537&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
                                                                                                                    Host: googleads.g.doubleclick.net
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: test_cookie=CheckForPermission
2024-08-23 14:56:13 UTC | 1011 | IN | HTTP/1.1 200 OK
                                                                                                                    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:13 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                    Content-Type: text/javascript; charset=UTF-8
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                    Server: cafe
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
                                                                                                                    Set-Cookie: IDE=AHWqTUmAlA19uwIzewfBqasAd24KxmNGDS3YxzEyOPYhZnVQFMckrpJlSCZilMWN; expires=Sun, 23-Aug-2026 14:56:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Accept-Ranges: none
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Connection: close
                                                                                                                    Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.7 | 49773 | 142.250.74.194 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:13 UTC | 1149 | OUT | GET /pagead/viewthroughconversion/858128210/?random=1724424969591&cv=11&fst=1724424969591&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=4 HTTP/1.1
                                                                                                                    Host: googleads.g.doubleclick.net
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: test_cookie=CheckForPermission
2024-08-23 14:56:13 UTC | 1011 | IN | HTTP/1.1 200 OK
                                                                                                                    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:13 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                    Content-Type: text/javascript; charset=UTF-8
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                    Server: cafe
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
                                                                                                                    Set-Cookie: IDE=AHWqTUnGh1a_b5PxTN9ca1GZU45P5-iOVPMTFWYATMXaAJTmk3R687yRllqTCRDP; expires=Sun, 23-Aug-2026 14:56:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Accept-Ranges: none
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Connection: close
                                                                                                                    Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.7 | 49776 | 142.250.74.194 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:13 UTC | 1203 | OUT | GET /pagead/viewthroughconversion/858128210/?random=1724424970523&cv=11&fst=1724424970523&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=4 HTTP/1.1
                                                                                                                    Host: googleads.g.doubleclick.net
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: test_cookie=CheckForPermission
2024-08-23 14:56:13 UTC | 1011 | IN | HTTP/1.1 200 OK
                                                                                                                    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:13 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                    Content-Type: text/javascript; charset=UTF-8
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                    Server: cafe
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
                                                                                                                    Set-Cookie: IDE=AHWqTUk2YMlSbn5VBdpoAuOd5UGpfGaYaETQWvKs_AiT3FoC98xCbY6FR1ktz1S-; expires=Sun, 23-Aug-2026 14:56:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Accept-Ranges: none
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Connection: close
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    2024-08-23 14:56:13 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                    50          192.168.2.7  49766        184.28.90.27    443
                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                    2024-08-23 14:56:13 UTC  161  OUT  HEAD /fs/windows/config.json HTTP/1.1
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: identity
                                                                                                                    User-Agent: Microsoft BITS/7.8
                                                                                                                    Host: fs.microsoft.com
                                                                                                                    2024-08-23 14:56:13 UTC  467  IN  HTTP/1.1 200 OK
                                                                                                                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                    Content-Type: application/octet-stream
                                                                                                                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                    Server: ECAcc (lpl/EF70)
                                                                                                                    X-CID: 11
                                                                                                                    X-Ms-ApiVersion: Distribute 1.2
                                                                                                                    X-Ms-Region: prod-weu-z1
                                                                                                                    Cache-Control: public, max-age=179367
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:13 GMT
                                                                                                                    Connection: close
                                                                                                                    X-CID: 2


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    51          192.168.2.7  49779        159.223.126.41  443               8144  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                    2024-08-23 14:56:13 UTC  543  OUT  GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:56:13 UTC  211  IN  HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:13 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    2024-08-23 14:56:13 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    52          192.168.2.7  49782        45.32.1.23      443               8144  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                    2024-08-23 14:56:14 UTC  907  OUT  GET /lp/appstore/img/favicon.ico HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:56:14 UTC  307  IN  HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:14 GMT
                                                                                                                    Content-Type: image/x-icon
                                                                                                                    Content-Length: 4286
                                                                                                                    Connection: close
                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    53          192.168.2.7  49781        216.58.212.164  443               8144  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                    2024-08-23 14:56:14 UTC  1179  OUT  GET /pagead/1p-user-list/858128210/?random=1724424969537&cv=11&fst=1724421600000&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnf2QnO69JuSpJOjcdLHG8WwuMV4pIhNw&random=1977167486&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                    Host: www.google.com
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    2024-08-23 14:56:14 UTC  602  IN  HTTP/1.1 200 OK
                                                                                                                    P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:14 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Server: cafe
                                                                                                                    Content-Length: 42
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close
                                                                                                                    2024-08-23 14:56:14 UTC  42  IN  Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    54          192.168.2.7  49780        216.58.212.164  443               8144  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                    2024-08-23 14:56:14 UTC  1177  OUT  GET /pagead/1p-user-list/858128210/?random=1724424969591&cv=11&fst=1724421600000&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfTy1eGfkXubi08cauBmi63_0jv8nCaQ&random=4069214680&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                    Host: www.google.com
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    2024-08-23 14:56:14 UTC  602  IN  HTTP/1.1 200 OK
                                                                                                                    P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:14 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Server: cafe
                                                                                                                    Content-Length: 42
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close
                                                                                                                    2024-08-23 14:56:14 UTC  42  IN  Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    55          192.168.2.7  49783        216.58.212.164  443               8144  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                    2024-08-23 14:56:14 UTC  1231  OUT  GET /pagead/1p-user-list/858128210/?random=1724424970523&cv=11&fst=1724421600000&bg=ffffff&guid=ON&async=1&gtm=45be48l0v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=286493064.1724424970&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfHM3PPkg7qVG9o4TAu6nPPRuj6whTBQ&random=2858370071&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                    Host: www.google.com
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    2024-08-23 14:56:14 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                    P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:14 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Server: cafe
                                                                                                                    Content-Length: 42
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close
                                                                                                                    2024-08-23 14:56:14 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    56 | 192.168.2.7 | 49785 | 184.28.90.27 | 443 | |
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:14 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: identity
                                                                                                                    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                    Range: bytes=0-2147483646
                                                                                                                    User-Agent: Microsoft BITS/7.8
                                                                                                                    Host: fs.microsoft.com
                                                                                                                    2024-08-23 14:56:14 UTC | 515 | IN | HTTP/1.1 200 OK
                                                                                                                    ApiVersion: Distribute 1.1
                                                                                                                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                    Content-Type: application/octet-stream
                                                                                                                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                    Server: ECAcc (lpl/EF06)
                                                                                                                    X-CID: 11
                                                                                                                    X-Ms-ApiVersion: Distribute 1.2
                                                                                                                    X-Ms-Region: prod-weu-z1
                                                                                                                    Cache-Control: public, max-age=179341
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:14 GMT
                                                                                                                    Content-Length: 55
                                                                                                                    Connection: close
                                                                                                                    X-CID: 2
                                                                                                                    2024-08-23 14:56:14 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                                                                    Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    57 | 192.168.2.7 | 49789 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:16 UTC | 559 | OUT | GET /lp/appstore/img/favicon.ico HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:56:16 UTC | 307 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:16 GMT
                                                                                                                    Content-Type: image/x-icon
                                                                                                                    Content-Length: 4286
                                                                                                                    Connection: close
                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    58 | 192.168.2.7 | 49790 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:16 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:56:16 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
                                                                                                                    2024-08-23 14:56:16 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:16 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:56:16 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"no info"}0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    59 | 192.168.2.7 | 49788 | 40.127.169.103 | 443 | |
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:16 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Gt97eyoKPngYfpx&MD=SSPuEZLH HTTP/1.1
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Accept: */*
                                                                                                                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                    Host: slscr.update.microsoft.com
                                                                                                                    2024-08-23 14:56:16 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Pragma: no-cache
                                                                                                                    Content-Type: application/octet-stream
                                                                                                                    Expires: -1
                                                                                                                    Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                    ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                    MS-CorrelationId: 324f4675-68a6-4f57-9e31-73733353619e
                                                                                                                    MS-RequestId: 393db88e-4d93-4945-8c40-e588efb8b51f
                                                                                                                    MS-CV: VmEvKzhhl02TwuBh.0
                                                                                                                    X-Microsoft-SLSClientCache: 2880
                                                                                                                    Content-Disposition: attachment; filename=environment.cab
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:15 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 24490


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    60 | 192.168.2.7 | 49791 | 216.239.38.181 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:16 UTC | 1300 | OUT | POST /g/collect?v=2&tid=G-VFQWFX3X1C&gtm=45je48l0v898645365za200zb9103256652&_p=1724424969048&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=1878683437.1724424970&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1724424970&sct=1&seg=0&dl=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D19882742-CC56-1A59-9779-FB8CBFA1E29D%26_fcid%3D1719416423291719%26_winver%3D19045%26version%3Dfa.1091q&dt=APP%20STORE%3A%20Installing&en=scroll&epn.percent_scrolled=90&_et=21&tfd=10193 HTTP/1.1
                                                                                                                    Host: analytics.google.com
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 0
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    2024-08-23 14:56:16 UTC | 445 | IN | HTTP/1.1 204 No Content
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:16 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Content-Type: text/plain
                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                    Server: Golfe2
                                                                                                                    Content-Length: 0
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.7 | 49792 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:17 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:56:17 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:17 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
2024-08-23 14:56:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.7 | 49793 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:21 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:56:21 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
2024-08-23 14:56:21 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:21 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:56:21 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.7 | 49794 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:21 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:56:22 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:21 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
2024-08-23 14:56:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.7 | 49795 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:26 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:56:26 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
2024-08-23 14:56:26 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:26 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:56:26 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.7 | 49796 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:26 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:56:26 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:26 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
2024-08-23 14:56:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.7 | 49797 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:31 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:56:31 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
2024-08-23 14:56:31 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:31 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:56:31 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"no info"}0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    67 | 192.168.2.7 | 49798 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:31 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:56:31 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:31 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    2024-08-23 14:56:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    68 | 192.168.2.7 | 49799 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:36 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:56:36 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
                                                                                                                    2024-08-23 14:56:36 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:36 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:56:36 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"no info"}0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    69 | 192.168.2.7 | 49800 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:37 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:56:37 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:37 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    2024-08-23 14:56:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    70 | 192.168.2.7 | 49801 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:41 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:56:41 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
                                                                                                                    2024-08-23 14:56:42 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:41 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:56:42 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"no info"}0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    71 | 192.168.2.7 | 49802 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:43 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:56:43 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:43 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    2024-08-23 14:56:43 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    72 | 192.168.2.7 | 49803 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:56:46 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:56:46 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
                                                                                                                    2024-08-23 14:56:47 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:46 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:56:47 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.7 | 49804 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:47 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:56:47 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:47 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
2024-08-23 14:56:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.7 | 49805 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:51 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:56:51 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
2024-08-23 14:56:51 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:51 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:56:51 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.7 | 49806 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:51 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:56:51 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:51 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
2024-08-23 14:56:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.7 | 49807 | 40.127.169.103 | 443 |  |
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:55 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Gt97eyoKPngYfpx&MD=SSPuEZLH HTTP/1.1
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Accept: */*
                                                                                                                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                    Host: slscr.update.microsoft.com
2024-08-23 14:56:55 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Pragma: no-cache
                                                                                                                    Content-Type: application/octet-stream
                                                                                                                    Expires: -1
                                                                                                                    Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                    ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                                    MS-CorrelationId: 54d97b9a-a8eb-47b5-a68e-94e89e08f58c
                                                                                                                    MS-RequestId: 63954451-87d3-406c-b08a-5ac9e723a943
                                                                                                                    MS-CV: jKgeXRslf0KRF1r8.0
                                                                                                                    X-Microsoft-SLSClientCache: 1440
                                                                                                                    Content-Disposition: attachment; filename=environment.cab
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:54 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 30005


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.7 | 49808 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:56 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:56:56 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
2024-08-23 14:56:56 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:56 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:56:56 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.7 | 49809 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:56:56 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:56:56 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:56:56 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
2024-08-23 14:56:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    79 | 192.168.2.7 | 49811 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:57:01 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:57:01 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
                                                                                                                    2024-08-23 14:57:01 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:01 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:57:01 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"no info"}0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    80 | 192.168.2.7 | 49812 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:57:01 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:57:01 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:01 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    2024-08-23 14:57:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    81 | 192.168.2.7 | 49813 | 45.32.1.23 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:57:06 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:57:06 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
                                                                                                                    2024-08-23 14:57:06 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:06 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:57:06 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"no info"}0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    82 | 192.168.2.7 | 49814 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:57:06 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:57:06 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:06 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    2024-08-23 14:57:06 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    83 | 192.168.2.7 | 49816 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:57:11 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:57:11 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
                                                                                                                    2024-08-23 14:57:11 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:11 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:57:11 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"no info"}0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    84 | 192.168.2.7 | 49818 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:57:11 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:57:11 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:11 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    2024-08-23 14:57:11 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    85 | 192.168.2.7 | 49819 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:57:16 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:57:16 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
2024-08-23 14:57:16 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:16 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:57:16 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.7 | 49820 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:16 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:57:17 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:17 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
2024-08-23 14:57:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.7 | 49821 | 45.32.1.23 | 443 | 7700 | C:\Users\user\Desktop\tKr6T60C1r.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:20 UTC | 306 | OUT | GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_mini_installer&evt_action=download_done&result=12345678-1234-5678-90AB-CDDEEFAABBCC&_fcid=1719416423291719 HTTP/1.1
                                                                                                                    User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cache-Control: no-cache
2024-08-23 14:57:20 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:20 GMT
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Length: 42
                                                                                                                    Connection: close
                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:57:20 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.7 | 49822 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:21 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:57:21 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
2024-08-23 14:57:21 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:21 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:57:21 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.7 | 49823 | 45.32.1.23 | 443 | 7700 | C:\Users\user\Desktop\tKr6T60C1r.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:21 UTC | 253 | OUT | GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_mini_installer&evt_action=done&_fcid=1719416423291719 HTTP/1.1
                                                                                                                    User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cache-Control: no-cache
2024-08-23 14:57:21 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:21 GMT
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Length: 42
                                                                                                                    Connection: close
                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:57:21 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.7 | 49824 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:22 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:57:22 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:22 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
2024-08-23 14:57:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.7 | 49825 | 45.32.1.23 | 443 | 8948 | C:\Users\user\AppData\Local\Temp\nsrC311.tmp
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:22 UTC | 245 | OUT | GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_installer&evt_action=internal&prev_v=fa.1091q HTTP/1.1
                                                                                                                    User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cache-Control: no-cache
2024-08-23 14:57:22 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:22 GMT
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Length: 42
                                                                                                                    Connection: close
                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:57:22 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.7 | 49826 | 45.32.1.23 | 443 | 8948 | C:\Users\user\AppData\Local\Temp\nsrC311.tmp
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:23 UTC | 237 | OUT | GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_installer&evt_action=start&permision= HTTP/1.1
                                                                                                                    User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cache-Control: no-cache
2024-08-23 14:57:23 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:23 GMT
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Length: 42
                                                                                                                    Connection: close
                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:57:23 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.7 | 49827 | 45.32.1.23 | 443 | 8948 | C:\Users\user\AppData\Local\Temp\nsrC311.tmp
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:24 UTC | 275 | OUT | GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_installer&evt_action=installing&e=03000200-0400-0500-0006-000700080009&u=69 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
2024-08-23 14:57:24 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Aug 2024 14:57:24 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:57:24 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.7 | 49828 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:26 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
Host: pcapp.store
Connection: keep-alive
Content-Length: 96
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: */*
Origin: https://pcapp.store
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:57:26 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
2024-08-23 14:57:26 UTC | 551 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Aug 2024 14:57:26 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Access-Control-Allow-Origin: https://pcapp.store
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:57:26 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.7 | 49829 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:26 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
Host: pcapp.store
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:57:27 UTC | 211 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 23 Aug 2024 14:57:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
2024-08-23 14:57:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.7 | 49830 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:31 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
Host: pcapp.store
Connection: keep-alive
Content-Length: 96
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: */*
Origin: https://pcapp.store
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:57:31 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
2024-08-23 14:57:31 UTC | 551 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Aug 2024 14:57:31 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Access-Control-Allow-Origin: https://pcapp.store
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:57:31 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.7 | 49831 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:31 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
Host: pcapp.store
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:57:32 UTC | 211 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 23 Aug 2024 14:57:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
2024-08-23 14:57:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    98192.168.2.749832159.223.126.414438144C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-08-23 14:57:36 UTC923OUTPOST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:57:36 UTC96OUTData Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
                                                                                                                    2024-08-23 14:57:36 UTC551INHTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:36 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:57:36 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 73 74 61 72 74 65 64 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"started"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.7 | 49834 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:37 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:57:37 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:37 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
2024-08-23 14:57:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.7 | 49835 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:41 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:57:41 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
2024-08-23 14:57:41 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:41 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:57:41 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 73 74 61 72 74 65 64 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"started"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.7 | 49836 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:41 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:57:42 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:42 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
2024-08-23 14:57:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.7 | 49837 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:46 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:57:46 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
2024-08-23 14:57:46 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:46 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:57:46 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 73 74 61 72 74 65 64 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"started"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.7 | 49838 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:47 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:57:47 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:47 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
2024-08-23 14:57:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.7 | 49839 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:57:51 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:57:51 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
2024-08-23 14:57:51 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:51 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:57:51 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 73 74 61 72 74 65 64 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"started"}0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    105 | 192.168.2.7 | 49840 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:57:51 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:57:52 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:52 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    2024-08-23 14:57:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    106 | 192.168.2.7 | 49841 | 45.32.1.23 | 443 | 8948 | C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:57:53 UTC | 255 | OUT | GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_installer&evt_action=localmac&addon[]=EC-F4-BB-82-F7-E0 HTTP/1.1
                                                                                                                    User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-08-23 14:57:53 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:53 GMT
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Length: 42
                                                                                                                    Connection: close
                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:57:53 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    107 | 192.168.2.7 | 49842 | 45.32.1.23 | 443 | 8948 | C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:57:55 UTC | 285 | OUT | POST /inst_cpg.php?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&src=pcapp_full HTTP/1.1
                                                                                                                    Filename: tempPOSTData
                                                                                                                    Content-Type: application/json
                                                                                                                    User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                    Host: pcapp.store
                                                                                                                    Content-Length: 1770
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-08-23 14:57:55 UTC | 1770 | OUT | Data Raw: 7b 22 73 79 73 74 65 6d 5f 73 74 61 74 73 22 3a 7b 22 6f 73 5f 6e 61 6d 65 22 3a 22 4d 69 63 72 6f 73 6f 66 74 2b 57 69 6e 64 6f 77 73 2b 31 30 2b 50 72 6f 22 2c 22 6f 73 5f 69 6e 73 74 61 6c 6c 64 61 74 65 22 3a 22 32 30 32 33 31 30 30 33 31 30 35 37 31 38 25 32 45 30 30 30 30 30 30 25 32 42 31 32 30 22 2c 22 6f 73 5f 70 72 6f 63 65 73 73 65 73 22 3a 22 31 30 33 22 2c 22 6f 73 5f 61 72 63 68 69 74 65 63 74 75 72 65 22 3a 22 36 34 2d 62 69 74 22 2c 22 6f 73 5f 76 69 72 74 6d 65 6d 22 3a 22 38 33 38 37 36 33 36 22 2c 22 6f 73 5f 6d 65 6d 22 3a 22 34 31 39 33 33 33 32 22 2c 22 63 70 75 5f 6e 61 6d 65 22 3a 22 49 6e 74 65 6c 25 32 38 52 25 32 39 2b 43 6f 72 65 25 32 38 54 4d 25 32 39 32 2b 43 50 55 2b 36 36 30 30 2b 25 34 30 2b 32 25 32 45 34 30 2b 47 48 7a
                                                                                                                    Data Ascii: {"system_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003105718%2E000000%2B120","os_processes":"103","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz
                                                                                                                    2024-08-23 14:57:55 UTC | 509 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:55 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:57:55 UTC | 84 | IN | Data Raw: 34 39 0d 0a 7b 22 63 70 67 22 3a 22 64 65 66 61 75 6c 74 22 2c 22 69 6e 73 74 5f 65 78 63 6c 22 3a 6e 75 6c 6c 2c 22 69 6e 73 74 5f 61 64 64 6f 6e 22 3a 6e 75 6c 6c 2c 22 69 6e 73 74 5f 61 64 76 61 6e 63 65 64 22 3a 6e 75 6c 6c 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 49{"cpg":"default","inst_excl":null,"inst_addon":null,"inst_advanced":null}0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    108 | 192.168.2.7 | 49843 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:57:56 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:57:56 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
                                                                                                                    2024-08-23 14:57:56 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:56 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:57:56 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 73 74 61 72 74 65 64 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"started"}0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    109 | 192.168.2.7 | 49844 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:57:57 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:57:57 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:57 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    2024-08-23 14:57:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    110 | 192.168.2.7 | 49845 | 45.32.1.23 | 443 | 8948 | C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:57:57 UTC | 238 | OUT | GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&inst_parent=&evt_src=fa_installer&evt_action=done HTTP/1.1
                                                                                                                    User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-08-23 14:57:57 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:57 GMT
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Length: 42
                                                                                                                    Connection: close
                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:57:57 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    111 | 192.168.2.7 | 49846 | 18.173.205.111 | 443 | 4104 | C:\Users\user\PCAppStore\Watchdog.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:57:58 UTC | 821 | OUT | GET /p.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=watch_dog&evt_action=signal_event&data={"counter":0,"rid":"20240823105755.8197303796","isPCAppRunning":1,"isNWStoreRunning":0,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"uiFolderExists":1,"uiFilesCount":55,"nwjsFolderExists":1,"nwjsFilesCount":132,"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"NW_storeExeExists":1,"startupFolderLnkExists":1}}&eng_time=1724432130&nocache=404 HTTP/1.1
                                                                                                                    Accept: */*
                                                                                                                    UA-CPU: AMD64
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                    Host: d74queuslupub.cloudfront.net
                                                                                                                    Connection: Keep-Alive
                                                                                                                    2024-08-23 14:57:58 UTC | 478 | IN | HTTP/1.1 200 OK
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Length: 42
                                                                                                                    Connection: close
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:36 GMT
                                                                                                                    Last-Modified: Thu, 26 May 2022 12:48:19 GMT
                                                                                                                    ETag: "d89746888da2d9510b64a9f031eaecd5"
                                                                                                                    x-amz-version-id: null
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Server: AmazonS3
                                                                                                                    X-Cache: Hit from cloudfront
                                                                                                                    Via: 1.1 741fa80e957b47e88235a1fa44ab4ea4.cloudfront.net (CloudFront)
                                                                                                                    X-Amz-Cf-Pop: FRA56-P12
                                                                                                                    X-Amz-Cf-Id: Eb_AlxiNXmMf4trZ6wB_6ZpgUOhqgJxaJJpgIw6BvePaCRrEZg8b8w==
                                                                                                                    Age: 23
                                                                                                                    2024-08-23 14:57:58 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    112 | 192.168.2.7 | 49847 | 18.173.205.111 | 443 | 4104 | C:\Users\user\PCAppStore\Watchdog.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:57:59 UTC | 822 | OUT | GET /p.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=watch_dog&evt_action=signal_event&data={"counter":1,"rid":"20240823105755.8197303796","isPCAppRunning":1,"isNWStoreRunning":0,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"uiFolderExists":1,"uiFilesCount":55,"nwjsFolderExists":1,"nwjsFilesCount":132,"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"NW_storeExeExists":1,"startupFolderLnkExists":1}}&eng_time=1724434528&nocache=4323 HTTP/1.1
                                                                                                                    Accept: */*
                                                                                                                    UA-CPU: AMD64
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                    Host: d74queuslupub.cloudfront.net
                                                                                                                    Connection: Keep-Alive
                                                                                                                    2024-08-23 14:57:59 UTC | 478 | IN | HTTP/1.1 200 OK
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Length: 42
                                                                                                                    Connection: close
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:36 GMT
                                                                                                                    Last-Modified: Thu, 26 May 2022 12:48:19 GMT
                                                                                                                    ETag: "d89746888da2d9510b64a9f031eaecd5"
                                                                                                                    x-amz-version-id: null
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Server: AmazonS3
                                                                                                                    X-Cache: Hit from cloudfront
                                                                                                                    Via: 1.1 8d70d51432f10e2eca684af448a5f99e.cloudfront.net (CloudFront)
                                                                                                                    X-Amz-Cf-Pop: FRA56-P12
                                                                                                                    X-Amz-Cf-Id: Ss-5zbGxV45YS11O2jE6islG6q1zwlvwyI4KlUDhbEY3HtY_I_JIwA==
                                                                                                                    Age: 24
                                                                                                                    2024-08-23 14:57:59 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    113 | 192.168.2.7 | 49848 | 45.32.1.23 | 443 | 8268 | C:\Users\user\PCAppStore\PcAppStore.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:57:59 UTC | 237 | OUT | GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_product&evt_action=channel&id=-3&eng_time=1724432131432&nocache=7305953 HTTP/1.1
                                                                                                                    Connection: Keep-Alive
                                                                                                                    User-Agent: WinHTTP 1.0
                                                                                                                    Host: pcapp.store
                                                                                                                    2024-08-23 14:57:59 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:59 GMT
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Length: 42
                                                                                                                    Connection: close
                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:57:59 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    114 | 192.168.2.7 | 49850 | 18.173.205.111 | 443 | 4104 | C:\Users\user\PCAppStore\Watchdog.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:58:00 UTC | 822 | OUT | GET /p.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=watch_dog&evt_action=signal_event&data={"counter":2,"rid":"20240823105755.8197303796","isPCAppRunning":1,"isNWStoreRunning":0,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"uiFolderExists":1,"uiFilesCount":55,"nwjsFolderExists":1,"nwjsFilesCount":132,"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"NW_storeExeExists":1,"startupFolderLnkExists":1}}&eng_time=1724436447&nocache=7458 HTTP/1.1
                                                                                                                    Accept: */*
                                                                                                                    UA-CPU: AMD64
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                    Host: d74queuslupub.cloudfront.net
                                                                                                                    Connection: Keep-Alive
                                                                                                                    2024-08-23 14:58:01 UTC | 478 | IN | HTTP/1.1 200 OK
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Length: 42
                                                                                                                    Connection: close
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:36 GMT
                                                                                                                    Last-Modified: Thu, 26 May 2022 12:48:19 GMT
                                                                                                                    ETag: "d89746888da2d9510b64a9f031eaecd5"
                                                                                                                    x-amz-version-id: null
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Server: AmazonS3
                                                                                                                    X-Cache: Hit from cloudfront
                                                                                                                    Via: 1.1 8c1c3a8ed856f5c19ce3b4158bff94a8.cloudfront.net (CloudFront)
                                                                                                                    X-Amz-Cf-Pop: FRA56-P12
                                                                                                                    X-Amz-Cf-Id: p7SEQYCMSi0qY_JcT7ZOkvClzA4bLa-TJr3pUkpKToMrugHjS1dyBg==
                                                                                                                    Age: 26
                                                                                                                    2024-08-23 14:58:01 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    115 | 192.168.2.7 | 49851 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:58:01 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:58:01 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
                                                                                                                    2024-08-23 14:58:01 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:58:01 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                    2024-08-23 14:58:01 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 73 74 61 72 74 65 64 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 21{"state":"ok","result":"started"}0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    116 | 192.168.2.7 | 49852 | 159.223.126.41 | 443 | 8144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:58:01 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
                                                                                                                    2024-08-23 14:58:01 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:58:01 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    2024-08-23 14:58:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    117 | 192.168.2.7 | 49853 | 18.173.205.111 | 443 | 4104 | C:\Users\user\PCAppStore\Watchdog.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:58:02 UTC | 823 | OUT | GET /p.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=watch_dog&evt_action=signal_event&data={"counter":3,"rid":"20240823105755.8197303796","isPCAppRunning":1,"isNWStoreRunning":0,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"uiFolderExists":1,"uiFilesCount":55,"nwjsFolderExists":1,"nwjsFilesCount":132,"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"NW_storeExeExists":1,"startupFolderLnkExists":1}}&eng_time=1724438726&nocache=11180 HTTP/1.1
                                                                                                                    Accept: */*
                                                                                                                    UA-CPU: AMD64
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                    Host: d74queuslupub.cloudfront.net
                                                                                                                    Connection: Keep-Alive
                                                                                                                    2024-08-23 14:58:02 UTC | 478 | IN | HTTP/1.1 200 OK
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Length: 42
                                                                                                                    Connection: close
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:36 GMT
                                                                                                                    Last-Modified: Thu, 26 May 2022 12:48:19 GMT
                                                                                                                    ETag: "d89746888da2d9510b64a9f031eaecd5"
                                                                                                                    x-amz-version-id: null
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Server: AmazonS3
                                                                                                                    X-Cache: Hit from cloudfront
                                                                                                                    Via: 1.1 b44afb2a44376871c20edb8c123ed47c.cloudfront.net (CloudFront)
                                                                                                                    X-Amz-Cf-Pop: FRA56-P12
                                                                                                                    X-Amz-Cf-Id: z_QEjdHfdlUGqpv5l83fS_MC7r4zMKNQ-trrx1x5Hd5jDLaKZumUAA==
                                                                                                                    Age: 27
                                                                                                                    2024-08-23 14:58:02 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    118 | 192.168.2.7 | 49854 | 18.173.205.111 | 443 | 4104 | C:\Users\user\PCAppStore\Watchdog.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-08-23 14:58:04 UTC | 823 | OUT | GET /p.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=watch_dog&evt_action=signal_event&data={"counter":4,"rid":"20240823105755.8197303796","isPCAppRunning":1,"isNWStoreRunning":0,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"uiFolderExists":1,"uiFilesCount":55,"nwjsFolderExists":1,"nwjsFilesCount":132,"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"NW_storeExeExists":1,"startupFolderLnkExists":1}}&eng_time=1724440885&nocache=14707 HTTP/1.1
                                                                                                                    Accept: */*
                                                                                                                    UA-CPU: AMD64
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                    Host: d74queuslupub.cloudfront.net
                                                                                                                    Connection: Keep-Alive
                                                                                                                    2024-08-23 14:58:04 UTC | 478 | IN | HTTP/1.1 200 OK
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Length: 42
                                                                                                                    Connection: close
                                                                                                                    Date: Fri, 23 Aug 2024 14:57:36 GMT
                                                                                                                    Last-Modified: Thu, 26 May 2022 12:48:19 GMT
                                                                                                                    ETag: "d89746888da2d9510b64a9f031eaecd5"
                                                                                                                    x-amz-version-id: null
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Server: AmazonS3
                                                                                                                    X-Cache: Hit from cloudfront
                                                                                                                    Via: 1.1 6331d4bbb4ca00ba6bb24a0730ab986c.cloudfront.net (CloudFront)
                                                                                                                    X-Amz-Cf-Pop: FRA56-P12
                                                                                                                    X-Amz-Cf-Id: fS37Jgr5_Z4QBSacmS04Sgj9q8yvCZEvGm1_QALRVpX2Zco9SpC0dw==
                                                                                                                    Age: 29
2024-08-23 14:58:04 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port
119 | 192.168.2.7 | 49856 | 159.223.126.41 | 443
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:58:06 UTC | 923 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    Content-Length: 96
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                    Accept: */*
                                                                                                                    Origin: https://pcapp.store
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&_fcid=1719416423291719&_winver=19045&version=fa.1091q
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:58:06 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 31 39 38 38 32 37 34 32 2d 43 43 35 36 2d 31 41 35 39 2d 39 37 37 39 2d 46 42 38 43 42 46 41 31 45 32 39 44 22 7d 7d
                                                                                                                    Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"19882742-CC56-1A59-9779-FB8CBFA1E29D"}}
2024-08-23 14:58:06 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:58:06 GMT
                                                                                                                    Content-Type: application/json
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:58:06 UTC | 41 | IN | Data Raw: 31 65 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 64 6f 6e 65 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 1e{"state":"ok","result":"done"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port
120 | 192.168.2.7 | 49857 | 159.223.126.41 | 443
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:58:06 UTC | 543 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                    Host: pcapp.store
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Cookie: _fcid=1719416423291719; _gcl_au=1.1.286493064.1724424970; guid=19882742-CC56-1A59-9779-FB8CBFA1E29D; _ga=GA1.1.1878683437.1724424970; _ga_VFQWFX3X1C=GS1.1.1724424970.1.0.1724424970.60.0.0
2024-08-23 14:58:06 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:58:06 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Vary: Accept-Encoding
2024-08-23 14:58:06 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
121 | 192.168.2.7 | 49859 | 45.32.1.23 | 443
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:58:11 UTC | 236 | OUT | GET /pixel.gif?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&version=fa.1091q&evt_src=fa_product&evt_action=channel&id=-3&eng_time=1724425090304&nocache=263843 HTTP/1.1
                                                                                                                    Connection: Keep-Alive
                                                                                                                    User-Agent: WinHTTP 1.0
                                                                                                                    Host: pcapp.store
2024-08-23 14:58:11 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Fri, 23 Aug 2024 14:58:11 GMT
                                                                                                                    Content-Type: image/gif
                                                                                                                    Content-Length: 42
                                                                                                                    Connection: close
                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-08-23 14:58:11 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                    Data Ascii: GIF89a!,D;


                                                                                                                    Target ID:0
                                                                                                                    Start time:10:55:58
                                                                                                                    Start date:23/08/2024
                                                                                                                    Path:C:\Users\user\Desktop\tKr6T60C1r.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\Desktop\tKr6T60C1r.exe"
                                                                                                                    Imagebase:0x400000
                                                                                                                    File size:120'368 bytes
                                                                                                                    MD5 hash:7A76AFACA4AF78F671CC47CB7993EECF
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:4
                                                                                                                    Start time:10:56:04
                                                                                                                    Start date:23/08/2024
                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=19882742-CC56-1A59-9779-FB8CBFA1E29D&winver=19045&version=fa.1091q&nocache=20240823105604.466&_fcid=1719416423291719
                                                                                                                    Imagebase:0x7ff6c4390000
                                                                                                                    File size:3'242'272 bytes
                                                                                                                    MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    Target ID:6
                                                                                                                    Start time:10:56:05
                                                                                                                    Start date:23/08/2024
                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1996,i,5813096633324106797,11268818542234249706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                    Imagebase:0x7ff6c4390000
                                                                                                                    File size:3'242'272 bytes
                                                                                                                    MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    Target ID:8
                                                                                                                    Start time:10:56:09
                                                                                                                    Start date:23/08/2024
                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5400 --field-trial-handle=1996,i,5813096633324106797,11268818542234249706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                    Imagebase:0x7ff6c4390000
                                                                                                                    File size:3'242'272 bytes
                                                                                                                    MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    Target ID:9
                                                                                                                    Start time:10:56:09
                                                                                                                    Start date:23/08/2024
                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1996,i,5813096633324106797,11268818542234249706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                    Imagebase:0x7ff6c4390000
                                                                                                                    File size:3'242'272 bytes
                                                                                                                    MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    Target ID:14
                                                                                                                    Start time:10:57:20
                                                                                                                    Start date:23/08/2024
                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\nsrC311.tmp
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp" /internal 1719416423291719 /force
                                                                                                                    Imagebase:0x400000
                                                                                                                    File size:93'300'544 bytes
                                                                                                                    MD5 hash:3091083F66939A0DF8DBA2D77E65FC51
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Antivirus matches:
                                                                                                                    • Detection: 11%, ReversingLabs
                                                                                                                    Reputation:low
                                                                                                                    Has exited:false

                                                                                                                    Target ID:16
                                                                                                                    Start time:10:57:55
                                                                                                                    Start date:23/08/2024
                                                                                                                    Path:C:\Users\user\PCAppStore\PcAppStore.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\PCAppStore\PcAppStore.exe" /init default
                                                                                                                    Imagebase:0xe90000
                                                                                                                    File size:2'141'536 bytes
                                                                                                                    MD5 hash:92CC70D7D67DB4A1DFC22857920C9364
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Antivirus matches:
                                                                                                                    • Detection: 46%, ReversingLabs
                                                                                                                    Reputation:low
                                                                                                                    Has exited:false

                                                                                                                    Target ID:17
                                                                                                                    Start time:10:57:55
                                                                                                                    Start date:23/08/2024
                                                                                                                    Path:C:\Users\user\PCAppStore\Watchdog.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Users\user\PCAppStore\Watchdog.exe" /guid=19882742-CC56-1A59-9779-FB8CBFA1E29D /rid=20240823105755.8197303796 /ver=fa.1091q
                                                                                                                    Imagebase:0x7ff6161a0000
                                                                                                                    File size:276'320 bytes
                                                                                                                    MD5 hash:7B432B3DA82D7E40916D1D2EB6F9F48D
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Antivirus matches:
                                                                                                                    • Detection: 38%, ReversingLabs
                                                                                                                    Reputation:low
                                                                                                                    Has exited:false

                                                                                                                    Target ID:18
                                                                                                                    Start time:10:57:57
                                                                                                                    Start date:23/08/2024
                                                                                                                    Path:C:\Windows\explorer.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Windows\Explorer.EXE
                                                                                                                    Imagebase:0x7ff70ffd0000
                                                                                                                    File size:5'141'208 bytes
                                                                                                                    MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:29%
                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                      Signature Coverage:16.6%
                                                                                                                      Total number of Nodes:1349
                                                                                                                      Total number of Limit Nodes:40
40447f SendMessageW 3720->3722 3721->3722 3722->3662 3724 4045c3 3723->3724 3725 404518 GetWindowLongW 3723->3725 3724->3661 3725->3724 3726 40452d 3725->3726 3726->3724 3727 40455a GetSysColor 3726->3727 3728 40455d 3726->3728 3727->3728 3729 404563 SetTextColor 3728->3729 3730 40456d SetBkMode 3728->3730 3729->3730 3731 404585 GetSysColor 3730->3731 3732 40458b 3730->3732 3731->3732 3733 404592 SetBkColor 3732->3733 3734 40459c 3732->3734 3733->3734 3734->3724 3735 4045b6 CreateBrushIndirect 3734->3735 3736 4045af DeleteObject 3734->3736 3735->3724 3736->3735 3737 401b9b 3738 401ba8 3737->3738 3739 401bec 3737->3739 3744 401c31 3738->3744 3745 401bbf 3738->3745 3740 401bf1 3739->3740 3741 401c16 GlobalAlloc 3739->3741 3746 40239d 3740->3746 3756 40653d lstrcpynW 3740->3756 3742 40657a 17 API calls 3741->3742 3742->3744 3743 40657a 17 API calls 3747 402397 3743->3747 3744->3743 3744->3746 3757 40653d lstrcpynW 3745->3757 3752 405b9d MessageBoxIndirectW 3747->3752 3750 401c03 GlobalFree 3750->3746 3751 401bce 3758 40653d lstrcpynW 3751->3758 3752->3746 3754 401bdd 3759 40653d lstrcpynW 3754->3759 3756->3750 3757->3751 3758->3754 3759->3746 4325 40261c 4326 402da6 17 API calls 4325->4326 4327 402623 4326->4327 4330 40602d GetFileAttributesW CreateFileW 4327->4330 4329 40262f 4330->4329 3823 40259e 3824 402de6 17 API calls 3823->3824 3825 4025a8 3824->3825 3826 402d84 17 API calls 3825->3826 3827 4025b1 3826->3827 3828 4025d9 RegEnumValueW 3827->3828 3829 4025cd RegEnumKeyW 3827->3829 3830 40292e 3827->3830 3831 4025f5 RegCloseKey 3828->3831 3832 4025ee 3828->3832 3829->3831 3831->3830 3832->3831 4331 40149e 4332 4014ac PostQuitMessage 4331->4332 4333 40239d 4331->4333 4332->4333 4334 4015a3 4335 402da6 17 API calls 4334->4335 4336 4015aa SetFileAttributesW 4335->4336 4337 4015bc 4336->4337 3191 401fa4 3192 402da6 17 API calls 3191->3192 3193 401faa 3192->3193 3194 40559f 24 API calls 3193->3194 3195 401fb4 3194->3195 3204 405b20 CreateProcessW 3195->3204 3198 40292e 
3201 401fcf 3202 401fdd FindCloseChangeNotification 3201->3202 3212 406484 wsprintfW 3201->3212 3202->3198 3205 405b53 CloseHandle 3204->3205 3206 401fba 3204->3206 3205->3206 3206->3198 3206->3202 3207 4069b5 WaitForSingleObject 3206->3207 3208 4069cf 3207->3208 3209 4069e1 GetExitCodeProcess 3208->3209 3213 406946 3208->3213 3209->3201 3212->3202 3214 406963 PeekMessageW 3213->3214 3215 406973 WaitForSingleObject 3214->3215 3216 406959 DispatchMessageW 3214->3216 3215->3208 3216->3214 3269 40252a 3280 402de6 3269->3280 3272 402da6 17 API calls 3273 40253d 3272->3273 3274 402548 RegQueryValueExW 3273->3274 3279 40292e 3273->3279 3275 40256e RegCloseKey 3274->3275 3276 402568 3274->3276 3275->3279 3276->3275 3285 406484 wsprintfW 3276->3285 3281 402da6 17 API calls 3280->3281 3282 402dfd 3281->3282 3283 4063aa RegOpenKeyExW 3282->3283 3284 402534 3283->3284 3284->3272 3285->3275 4338 40202a 4339 402da6 17 API calls 4338->4339 4340 402031 4339->4340 4341 40690a 5 API calls 4340->4341 4342 402040 4341->4342 4343 40205c GlobalAlloc 4342->4343 4346 4020cc 4342->4346 4344 402070 4343->4344 4343->4346 4345 40690a 5 API calls 4344->4345 4347 402077 4345->4347 4348 40690a 5 API calls 4347->4348 4349 402081 4348->4349 4349->4346 4353 406484 wsprintfW 4349->4353 4351 4020ba 4354 406484 wsprintfW 4351->4354 4353->4351 4354->4346 4355 4021aa 4356 402da6 17 API calls 4355->4356 4357 4021b1 4356->4357 4358 402da6 17 API calls 4357->4358 4359 4021bb 4358->4359 4360 402da6 17 API calls 4359->4360 4361 4021c5 4360->4361 4362 402da6 17 API calls 4361->4362 4363 4021cf 4362->4363 4364 402da6 17 API calls 4363->4364 4365 4021d9 4364->4365 4366 402218 CoCreateInstance 4365->4366 4367 402da6 17 API calls 4365->4367 4370 402237 4366->4370 4367->4366 4368 401423 24 API calls 4369 4022f6 4368->4369 4370->4368 4370->4369 4371 403baa 4372 403bb5 4371->4372 4373 403bb9 4372->4373 4374 403bbc GlobalAlloc 4372->4374 4374->4373 3310 40352d SetErrorMode GetVersionExW 3311 4035b7 3310->3311 3312 
40357f GetVersionExW 3310->3312 3313 403610 3311->3313 3314 40690a 5 API calls 3311->3314 3312->3311 3315 40689a 3 API calls 3313->3315 3314->3313 3316 403626 lstrlenA 3315->3316 3316->3313 3317 403636 3316->3317 3318 40690a 5 API calls 3317->3318 3319 40363d 3318->3319 3320 40690a 5 API calls 3319->3320 3321 403644 3320->3321 3322 40690a 5 API calls 3321->3322 3326 403650 #17 OleInitialize SHGetFileInfoW 3322->3326 3325 40369d GetCommandLineW 3401 40653d lstrcpynW 3325->3401 3400 40653d lstrcpynW 3326->3400 3328 4036af 3329 405e39 CharNextW 3328->3329 3330 4036d5 CharNextW 3329->3330 3342 4036e6 3330->3342 3331 4037e4 3332 4037f8 GetTempPathW 3331->3332 3402 4034fc 3332->3402 3334 403810 3336 403814 GetWindowsDirectoryW lstrcatW 3334->3336 3337 40386a DeleteFileW 3334->3337 3335 405e39 CharNextW 3335->3342 3338 4034fc 12 API calls 3336->3338 3412 40307d GetTickCount GetModuleFileNameW 3337->3412 3340 403830 3338->3340 3340->3337 3343 403834 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3340->3343 3341 40387d 3345 403a59 ExitProcess OleUninitialize 3341->3345 3347 403932 3341->3347 3355 405e39 CharNextW 3341->3355 3342->3331 3342->3335 3344 4037e6 3342->3344 3346 4034fc 12 API calls 3343->3346 3496 40653d lstrcpynW 3344->3496 3349 403a69 3345->3349 3350 403a7e 3345->3350 3354 403862 3346->3354 3440 403bec 3347->3440 3501 405b9d 3349->3501 3352 403a86 GetCurrentProcess OpenProcessToken 3350->3352 3353 403afc ExitProcess 3350->3353 3358 403acc 3352->3358 3359 403a9d LookupPrivilegeValueW AdjustTokenPrivileges 3352->3359 3354->3337 3354->3345 3369 40389f 3355->3369 3362 40690a 5 API calls 3358->3362 3359->3358 3360 403941 3360->3345 3365 403ad3 3362->3365 3363 403908 3366 405f14 18 API calls 3363->3366 3364 403949 3368 405b08 5 API calls 3364->3368 3367 403ae8 ExitWindowsEx 3365->3367 3371 403af5 3365->3371 3370 403914 3366->3370 3367->3353 3367->3371 3372 40394e lstrcatW 3368->3372 3369->3363 3369->3364 3370->3345 3497 40653d lstrcpynW 
3370->3497 3505 40140b 3371->3505 3373 40396a lstrcatW lstrcmpiW 3372->3373 3374 40395f lstrcatW 3372->3374 3373->3360 3376 40398a 3373->3376 3374->3373 3378 403996 3376->3378 3379 40398f 3376->3379 3382 405aeb 2 API calls 3378->3382 3381 405a6e 4 API calls 3379->3381 3380 403927 3498 40653d lstrcpynW 3380->3498 3384 403994 3381->3384 3385 40399b SetCurrentDirectoryW 3382->3385 3384->3385 3386 4039b8 3385->3386 3387 4039ad 3385->3387 3500 40653d lstrcpynW 3386->3500 3499 40653d lstrcpynW 3387->3499 3390 40657a 17 API calls 3391 4039fa DeleteFileW 3390->3391 3392 403a06 CopyFileW 3391->3392 3397 4039c5 3391->3397 3392->3397 3393 403a50 3395 4062fd 36 API calls 3393->3395 3394 4062fd 36 API calls 3394->3397 3395->3360 3396 40657a 17 API calls 3396->3397 3397->3390 3397->3393 3397->3394 3397->3396 3398 405b20 2 API calls 3397->3398 3399 403a3a CloseHandle 3397->3399 3398->3397 3399->3397 3400->3325 3401->3328 3403 4067c4 5 API calls 3402->3403 3405 403508 3403->3405 3404 403512 3404->3334 3405->3404 3406 405e0c 3 API calls 3405->3406 3407 40351a 3406->3407 3408 405aeb 2 API calls 3407->3408 3409 403520 3408->3409 3508 40605c 3409->3508 3512 40602d GetFileAttributesW CreateFileW 3412->3512 3414 4030bd 3432 4030cd 3414->3432 3513 40653d lstrcpynW 3414->3513 3416 4030e3 3417 405e58 2 API calls 3416->3417 3418 4030e9 3417->3418 3514 40653d lstrcpynW 3418->3514 3420 4030f4 GetFileSize 3421 4031ee 3420->3421 3439 40310b 3420->3439 3515 403019 3421->3515 3423 4031f7 3425 403227 GlobalAlloc 3423->3425 3423->3432 3527 4034e5 SetFilePointer 3423->3527 3424 4034cf ReadFile 3424->3439 3526 4034e5 SetFilePointer 3425->3526 3427 40325a 3429 403019 6 API calls 3427->3429 3429->3432 3430 403210 3433 4034cf ReadFile 3430->3433 3431 403242 3434 4032b4 31 API calls 3431->3434 3432->3341 3435 40321b 3433->3435 3437 40324e 3434->3437 3435->3425 3435->3432 3436 403019 6 API calls 3436->3439 3437->3432 3437->3437 3438 40328b SetFilePointer 3437->3438 3438->3432 3439->3421 3439->3424 
3439->3427 3439->3432 3439->3436 3441 40690a 5 API calls 3440->3441 3442 403c00 3441->3442 3443 403c06 3442->3443 3444 403c18 3442->3444 3543 406484 wsprintfW 3443->3543 3445 40640b 3 API calls 3444->3445 3446 403c48 3445->3446 3448 403c67 lstrcatW 3446->3448 3450 40640b 3 API calls 3446->3450 3449 403c16 3448->3449 3528 403ec2 3449->3528 3450->3448 3453 405f14 18 API calls 3454 403c99 3453->3454 3455 403d2d 3454->3455 3457 40640b 3 API calls 3454->3457 3456 405f14 18 API calls 3455->3456 3458 403d33 3456->3458 3459 403ccb 3457->3459 3460 403d43 LoadImageW 3458->3460 3461 40657a 17 API calls 3458->3461 3459->3455 3464 403cec lstrlenW 3459->3464 3467 405e39 CharNextW 3459->3467 3462 403de9 3460->3462 3463 403d6a RegisterClassW 3460->3463 3461->3460 3466 40140b 2 API calls 3462->3466 3465 403da0 SystemParametersInfoW CreateWindowExW 3463->3465 3495 403df3 3463->3495 3468 403d20 3464->3468 3469 403cfa lstrcmpiW 3464->3469 3465->3462 3473 403def 3466->3473 3471 403ce9 3467->3471 3470 405e0c 3 API calls 3468->3470 3469->3468 3472 403d0a GetFileAttributesW 3469->3472 3475 403d26 3470->3475 3471->3464 3476 403d16 3472->3476 3474 403ec2 18 API calls 3473->3474 3473->3495 3477 403e00 3474->3477 3544 40653d lstrcpynW 3475->3544 3476->3468 3479 405e58 2 API calls 3476->3479 3480 403e0c ShowWindow 3477->3480 3481 403e8f 3477->3481 3479->3468 3483 40689a 3 API calls 3480->3483 3536 405672 OleInitialize 3481->3536 3485 403e24 3483->3485 3484 403e95 3486 403eb1 3484->3486 3487 403e99 3484->3487 3488 403e32 GetClassInfoW 3485->3488 3490 40689a 3 API calls 3485->3490 3489 40140b 2 API calls 3486->3489 3493 40140b 2 API calls 3487->3493 3487->3495 3491 403e46 GetClassInfoW RegisterClassW 3488->3491 3492 403e5c DialogBoxParamW 3488->3492 3489->3495 3490->3488 3491->3492 3494 40140b 2 API calls 3492->3494 3493->3495 3494->3495 3495->3360 3496->3332 3497->3380 3498->3347 3499->3386 3500->3397 3502 405bb2 3501->3502 3503 403a76 ExitProcess 3502->3503 3504 405bc6 MessageBoxIndirectW 
3502->3504 3504->3503 3506 401389 2 API calls 3505->3506 3507 401420 3506->3507 3507->3353 3509 406069 GetTickCount GetTempFileNameW 3508->3509 3510 40352b 3509->3510 3511 40609f 3509->3511 3510->3334 3511->3509 3511->3510 3512->3414 3513->3416 3514->3420 3516 403022 3515->3516 3517 40303a 3515->3517 3518 403032 3516->3518 3519 40302b DestroyWindow 3516->3519 3520 403042 3517->3520 3521 40304a GetTickCount 3517->3521 3518->3423 3519->3518 3522 406946 2 API calls 3520->3522 3523 403058 CreateDialogParamW ShowWindow 3521->3523 3524 40307b 3521->3524 3525 403048 3522->3525 3523->3524 3524->3423 3525->3423 3526->3431 3527->3430 3529 403ed6 3528->3529 3545 406484 wsprintfW 3529->3545 3531 403f47 3546 403f7b 3531->3546 3533 403c77 3533->3453 3534 403f4c 3534->3533 3535 40657a 17 API calls 3534->3535 3535->3534 3549 4044e5 3536->3549 3538 405695 3542 4056bc 3538->3542 3552 401389 3538->3552 3539 4044e5 SendMessageW 3540 4056ce OleUninitialize 3539->3540 3540->3484 3542->3539 3543->3449 3544->3455 3545->3531 3547 40657a 17 API calls 3546->3547 3548 403f89 SetWindowTextW 3547->3548 3548->3534 3550 4044fd 3549->3550 3551 4044ee SendMessageW 3549->3551 3550->3538 3551->3550 3554 401390 3552->3554 3553 4013fe 3553->3538 3554->3553 3555 4013cb MulDiv SendMessageW 3554->3555 3555->3554 4375 401a30 4376 402da6 17 API calls 4375->4376 4377 401a39 ExpandEnvironmentStringsW 4376->4377 4378 401a4d 4377->4378 4380 401a60 4377->4380 4379 401a52 lstrcmpW 4378->4379 4378->4380 4379->4380 4386 4023b2 4387 4023c0 4386->4387 4388 4023ba 4386->4388 4390 4023ce 4387->4390 4391 402da6 17 API calls 4387->4391 4389 402da6 17 API calls 4388->4389 4389->4387 4392 402da6 17 API calls 4390->4392 4394 4023dc 4390->4394 4391->4390 4392->4394 4393 402da6 17 API calls 4395 4023e5 WritePrivateProfileStringW 4393->4395 4394->4393 4396 402434 4397 402467 4396->4397 4398 40243c 4396->4398 4399 402da6 17 API calls 4397->4399 4400 402de6 17 API calls 4398->4400 4401 40246e 4399->4401 4402 402443 4400->4402 
4407 402e64 4401->4407 4404 402da6 17 API calls 4402->4404 4405 40247b 4402->4405 4406 402454 RegDeleteValueW RegCloseKey 4404->4406 4406->4405 4408 402e71 4407->4408 4409 402e78 4407->4409 4408->4405 4409->4408 4411 402ea9 4409->4411 4412 4063aa RegOpenKeyExW 4411->4412 4413 402ed7 4412->4413 4414 402ee7 RegEnumValueW 4413->4414 4415 402f0a 4413->4415 4422 402f81 4413->4422 4414->4415 4416 402f71 RegCloseKey 4414->4416 4415->4416 4417 402f46 RegEnumKeyW 4415->4417 4418 402f4f RegCloseKey 4415->4418 4421 402ea9 6 API calls 4415->4421 4416->4422 4417->4415 4417->4418 4419 40690a 5 API calls 4418->4419 4420 402f5f 4419->4420 4420->4422 4423 402f63 RegDeleteKeyW 4420->4423 4421->4415 4422->4408 4423->4422 4424 401735 4425 402da6 17 API calls 4424->4425 4426 40173c SearchPathW 4425->4426 4427 401757 4426->4427 4428 401d38 4429 402d84 17 API calls 4428->4429 4430 401d3f 4429->4430 4431 402d84 17 API calls 4430->4431 4432 401d4b GetDlgItem 4431->4432 4433 402638 4432->4433 4434 4014b8 4435 4014be 4434->4435 4436 401389 2 API calls 4435->4436 4437 4014c6 4436->4437 4438 40263e 4439 402652 4438->4439 4440 40266d 4438->4440 4441 402d84 17 API calls 4439->4441 4442 402672 4440->4442 4443 40269d 4440->4443 4450 402659 4441->4450 4444 402da6 17 API calls 4442->4444 4445 402da6 17 API calls 4443->4445 4447 402679 4444->4447 4446 4026a4 lstrlenW 4445->4446 4446->4450 4455 40655f WideCharToMultiByte 4447->4455 4449 40268d lstrlenA 4449->4450 4451 4026d1 4450->4451 4452 4026e7 4450->4452 4454 40610e 5 API calls 4450->4454 4451->4452 4453 4060df WriteFile 4451->4453 4453->4452 4454->4451 4455->4449

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNEL32(00008001), ref: 00403550
                                                                                                                      • GetVersionExW.KERNEL32(?), ref: 00403579
                                                                                                                      • GetVersionExW.KERNEL32(0000011C), ref: 00403590
                                                                                                                      • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
                                                                                                                      • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
                                                                                                                      • OleInitialize.OLE32(00000000), ref: 0040366A
                                                                                                                      • SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
                                                                                                                      • GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
                                                                                                                      • CharNextW.USER32(00000000,"C:\Users\user\Desktop\tKr6T60C1r.exe",00000020,"C:\Users\user\Desktop\tKr6T60C1r.exe",00000000), ref: 004036D6
                                                                                                                      • GetTempPathW.KERNEL32(00000400,C:\Users\user~1\AppData\Local\Temp\,00000000,?), ref: 00403809
                                                                                                                      • GetWindowsDirectoryW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,000003FB), ref: 0040381A
                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,\Temp), ref: 00403826
                                                                                                                      • GetTempPathW.KERNEL32(000003FC,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,\Temp), ref: 0040383A
                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,Low), ref: 00403842
                                                                                                                      • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,Low), ref: 00403853
                                                                                                                      • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user~1\AppData\Local\Temp\), ref: 0040385B
                                                                                                                      • DeleteFileW.KERNEL32(1033), ref: 0040386F
                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,~nsu), ref: 00403956
                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,0040A26C), ref: 00403965
                                                                                                                        • Part of subcall function 00405AEB: CreateDirectoryW.KERNEL32(?,00000000,00403520,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,.tmp), ref: 00403970
                                                                                                                      • lstrcmpiW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,00441800,C:\Users\user~1\AppData\Local\Temp\,.tmp,C:\Users\user~1\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\tKr6T60C1r.exe",00000000,?), ref: 0040397C
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\), ref: 0040399C
                                                                                                                      • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp,?), ref: 004039FB
                                                                                                                      • CopyFileW.KERNEL32(C:\Users\user\Desktop\tKr6T60C1r.exe,0042AA28,00000001), ref: 00403A0E
                                                                                                                      • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
                                                                                                                      • ExitProcess.KERNEL32(?), ref: 00403A59
                                                                                                                      • OleUninitialize.OLE32(?), ref: 00403A5E
                                                                                                                      • ExitProcess.KERNEL32 ref: 00403A78
                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
                                                                                                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
                                                                                                                      • ExitProcess.KERNEL32 ref: 00403B0C
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2150014723.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150059223.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150339654.000000000046C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150339654.000000000046E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                      • String ID: "C:\Users\user\Desktop\tKr6T60C1r.exe"$.tmp$1033$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp$C:\Users\user\Desktop\tKr6T60C1r.exe$C:\Users\user\PCAppStore$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GetDlgItem.USER32(?,00000403), ref: 0040573C
                                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 0040574B
                                                                                                                      • GetClientRect.USER32(?,?), ref: 00405788
                                                                                                                      • GetSystemMetrics.USER32(00000002), ref: 0040578F
                                                                                                                      • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                                                                      • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                                                                      • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                                                                      • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                                                                      • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 0040584C
                                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                                                                      • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                                                                      • GetDlgItem.USER32(?,000003F8), ref: 0040575A
                                                                                                                        • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 0040589E
                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_00005672,00000000), ref: 004058AC
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 004058B3
                                                                                                                      • ShowWindow.USER32(00000000), ref: 004058D7
                                                                                                                      • ShowWindow.USER32(0003045E,00000008), ref: 004058DC
                                                                                                                      • ShowWindow.USER32(00000008), ref: 00405926
                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                                                                      • CreatePopupMenu.USER32 ref: 0040596B
                                                                                                                      • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 0040599F
                                                                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                                                                      • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                                                                      • EmptyClipboard.USER32 ref: 00405A06
                                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00405A1C
                                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
                                                                                                                      • CloseClipboard.USER32 ref: 00405A61
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                      • String ID: {

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • DeleteFileW.KERNEL32(?,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405C72
                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\*.*,\*.*), ref: 00405CBA
                                                                                                                      • lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
                                                                                                                      • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\*.*,?,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405CE3
                                                                                                                      • FindFirstFileW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\*.*,?,?,?,0040A014,?,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\*.*,?,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405CF3
                                                                                                                      • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                                                                                                                      • FindClose.KERNELBASE(00000000), ref: 00405DA2
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                      • String ID: .$.$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\*.*$\*.*
                                                                                                                      APIs
                                                                                                                      • FindFirstFileW.KERNEL32(771B3420,004302B8,C:\,00405F5D,C:\,C:\,00000000,C:\,C:\,771B3420,?,C:\Users\user~1\AppData\Local\Temp\,00405C69,?,771B3420,C:\Users\user~1\AppData\Local\Temp\), ref: 0040687E
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 0040688A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                      • String ID: C:\

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                                                                      • ShowWindow.USER32(?), ref: 00403FF6
                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                                                                      • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                                                                      • DestroyWindow.USER32 ref: 00404035
                                                                                                                      • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
                                                                                                                      • GetDlgItem.USER32(?,?), ref: 0040406D
                                                                                                                      • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                                                                      • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                                                                      • GetDlgItem.USER32(?,00000001), ref: 00404133
                                                                                                                      • GetDlgItem.USER32(?,00000002), ref: 0040413D
                                                                                                                      • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                                                                                                                      • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                                                                      • GetDlgItem.USER32(?,00000003), ref: 0040424E
                                                                                                                      • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040429C
                                                                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                                                                      • EnableMenuItem.USER32(00000000), ref: 004042B9
                                                                                                                      • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                                                                      • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                                                                      • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                                                                      • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                                                                      • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Item$MessageSendShow$Long$CallbackDispatcherMenuUser$ClassDestroyEnableEnabledSystemTextlstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3964124867-0
                                                                                                                      • Opcode ID: e7f11a10533a611f3fe78e549378f399a66bd747c21cf404ab37e5123baac86e
                                                                                                                      • Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
                                                                                                                      • Opcode Fuzzy Hash: e7f11a10533a611f3fe78e549378f399a66bd747c21cf404ab37e5123baac86e
                                                                                                                      • Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      • Graph not preserved (first block: 403bec-403c04)
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                        • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                      • lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
                                                                                                                      • lstrlenW.KERNEL32(00432EA0,?,?,?,00432EA0,00000000,C:\Users\user\PCAppStore,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,771B3420), ref: 00403CED
                                                                                                                      • lstrcmpiW.KERNEL32(00432E98,.exe,00432EA0,?,?,?,00432EA0,00000000,C:\Users\user\PCAppStore,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                                                                      • GetFileAttributesW.KERNEL32(00432EA0,?,00000000,?), ref: 00403D0B
                                                                                                                      • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\PCAppStore), ref: 00403D54
                                                                                                                        • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                      • RegisterClassW.USER32(00433EA0), ref: 00403D91
                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
                                                                                                                      • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
                                                                                                                      • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                                                                      • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
                                                                                                                      • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
                                                                                                                      • RegisterClassW.USER32(00433EA0), ref: 00403E56
                                                                                                                      • DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                      • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\PCAppStore$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$elete file:
                                                                                                                      • API String ID: 1975747703-2800611062
                                                                                                                      • Opcode ID: b5e4680adf6fab30abf8c31c9b96982c96c1f128c8b6e65fe06ccfbd791f05a2
                                                                                                                      • Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
                                                                                                                      • Opcode Fuzzy Hash: b5e4680adf6fab30abf8c31c9b96982c96c1f128c8b6e65fe06ccfbd791f05a2
                                                                                                                      • Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      • Graph not preserved (first block: 40307d-4030cb)
                                                                                                                      APIs
                                                                                                                      • GetTickCount.KERNEL32 ref: 0040308E
                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\tKr6T60C1r.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                                                                        • Part of subcall function 0040602D: GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\Desktop\tKr6T60C1r.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                        • Part of subcall function 0040602D: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,00441800,00441800,C:\Users\user\Desktop\tKr6T60C1r.exe,C:\Users\user\Desktop\tKr6T60C1r.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\Desktop\tKr6T60C1r.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
                                                                                                                      • API String ID: 2803837635-2368798730
                                                                                                                      • Opcode ID: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
                                                                                                                      • Instruction ID: 750c061bb954c4555836cecba7cc54c639b148d890841a972b43b12454d44aa7
                                                                                                                      • Opcode Fuzzy Hash: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
                                                                                                                      • Instruction Fuzzy Hash: 7951B571904204AFDB10AF65ED42B9E7EACAB48756F14807BF904B62D1C77C9F408B9D

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      • Graph not preserved (first block: 40657a-406585)
                                                                                                                      APIs
                                                                                                                      • GetSystemDirectoryW.KERNEL32(00432EA0,00000400), ref: 00406695
                                                                                                                      • GetWindowsDirectoryW.KERNEL32(00432EA0,00000400,00000000,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,?,004055D6,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00000000,00000000,00424420,771B23A0), ref: 004066A8
                                                                                                                      • lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                      • lstrlenW.KERNEL32(00432EA0,00000000,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,?,004055D6,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00000000), ref: 00406779
                                                                                                                      Strings
                                                                                                                      • C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp, xrefs: 0040674E
                                                                                                                      • Software\Microsoft\Windows\CurrentVersion, xrefs: 00406663
                                                                                                                      • C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\, xrefs: 0040659F
                                                                                                                      • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00406719
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\$C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                                                                                                      Control-flow Graph

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CountTick$wsprintf
                                                                                                                      • String ID: *B$ DB$ A$ A$... %d%%$tClientRect$}8@

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                      • CompareFileTime.KERNEL32(-00000014,?,get,get,00000000,00000000,get,00441000,?,?,00000031), ref: 004017D5
                                                                                                                        • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                        • Part of subcall function 0040559F: lstrlenW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00000000,00424420,771B23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                        • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00000000,00424420,771B23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                        • Part of subcall function 0040559F: lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00403418), ref: 004055FA
                                                                                                                        • Part of subcall function 0040559F: SetWindowTextW.USER32(C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\), ref: 0040560C
                                                                                                                        • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                        • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                        • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp$C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\inetc.dll$get

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00000000,00424420,771B23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                      • lstrlenW.KERNEL32(00403418,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00000000,00424420,771B23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00403418), ref: 004055FA
                                                                                                                      • SetWindowTextW.USER32(C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\), ref: 0040560C
                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                        • Part of subcall function 0040657A: lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                        • Part of subcall function 0040657A: lstrlenW.KERNEL32(00432EA0,00000000,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,?,004055D6,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00000000), ref: 00406779
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 705 4026ec-402705 call 402d84 708 402c2a-402c2d 705->708 709 40270b-402712 705->709 710 402c33-402c39 708->710 711 402714 709->711 712 402717-40271a 709->712 711->712 713 402720-40272f call 40649d 712->713 714 40287e-402886 712->714 713->714 718 402735 713->718 714->708 719 40273b-40273f 718->719 720 4027d4-4027d7 719->720 721 402745-402760 ReadFile 719->721 723 4027d9-4027dc 720->723 724 4027ef-4027ff call 4060b0 720->724 721->714 722 402766-40276b 721->722 722->714 726 402771-40277f 722->726 723->724 727 4027de-4027e9 call 40610e 723->727 724->714 733 402801 724->733 730 402785-402797 MultiByteToWideChar 726->730 731 40283a-402846 call 406484 726->731 727->714 727->724 730->733 734 402799-40279c 730->734 731->710 736 402804-402807 733->736 737 40279e-4027a9 734->737 736->731 739 402809-40280e 736->739 737->736 740 4027ab-4027d0 SetFilePointer MultiByteToWideChar 737->740 741 402810-402815 739->741 742 40284b-40284f 739->742 740->737 743 4027d2 740->743 741->742 746 402817-40282a 741->746 744 402851-402855 742->744 745 40286c-402878 SetFilePointer 742->745 743->733 747 402857-40285b 744->747 748 40285d-40286a 744->748 745->714 746->714 749 40282c-402832 746->749 747->745 747->748 748->714 749->719 750 402838 749->750 750->714
                                                                                                                      APIs
                                                                                                                      • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                        • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                      • String ID: 9
                                                                                                                      • API String ID: 163830602-2366072709
                                                                                                                      • Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                      • Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
                                                                                                                      • Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                      • Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 751 40689a-4068ba GetSystemDirectoryW 752 4068bc 751->752 753 4068be-4068c0 751->753 752->753 754 4068d1-4068d3 753->754 755 4068c2-4068cb 753->755 757 4068d4-406907 wsprintfW LoadLibraryExW 754->757 755->754 756 4068cd-4068cf 755->756 756->757
                                                                                                                      APIs
                                                                                                                      • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                      • wsprintfW.USER32 ref: 004068EC
                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                      • String ID: %s%S.dll$UXTHEME$\
                                                                                                                      • API String ID: 2200240437-1946221925
                                                                                                                      • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                      • Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
                                                                                                                      • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                      • Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 758 405a6e-405ab9 CreateDirectoryW 759 405abb-405abd 758->759 760 405abf-405acc GetLastError 758->760 761 405ae6-405ae8 759->761 760->761 762 405ace-405ae2 SetFileSecurityW 760->762 762->759 763 405ae4 GetLastError 762->763 763->761
                                                                                                                      APIs
                                                                                                                      • CreateDirectoryW.KERNEL32(?,?,C:\Users\user~1\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                      • GetLastError.KERNEL32 ref: 00405AC5
                                                                                                                      • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                                                                      • GetLastError.KERNEL32 ref: 00405AE4
                                                                                                                      Strings
                                                                                                                      • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405A94
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\
                                                                                                                      • API String ID: 3449924974-2382934351
                                                                                                                      • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                      • Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
                                                                                                                      • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                      • Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 764 401d81-401d85 765 401d94-401d9a GetDlgItem 764->765 766 401d87-401d92 call 402d84 764->766 767 401da0-401dcc 765->767 766->767 770 401dd7 767->770 771 401dce-401dd5 call 402da6 767->771 773 401ddb-401e31 GetClientRect LoadImageW SendMessageW 770->773 771->773 775 401e33-401e36 773->775 776 401e3f-401e42 773->776 775->776 777 401e38-401e39 DeleteObject 775->777 778 401e48 776->778 779 402c2a-402c39 776->779 777->776 778->779
                                                                                                                      APIs
                                                                                                                      • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                      • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                      • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                      • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1849352358-0
                                                                                                                      • Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                      • Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
                                                                                                                      • Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                      • Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 782 401c43-401c63 call 402d84 * 2 787 401c65-401c6c call 402da6 782->787 788 401c6f-401c73 782->788 787->788 790 401c75-401c7c call 402da6 788->790 791 401c7f-401c85 788->791 790->791 794 401cd3-401cfd call 402da6 * 2 FindWindowExW 791->794 795 401c87-401ca3 call 402d84 * 2 791->795 805 401d03 794->805 806 401cc3-401cd1 SendMessageW 795->806 807 401ca5-401cc1 SendMessageTimeoutW 795->807 808 401d06-401d09 805->808 806->805 807->808 809 402c2a-402c39 808->809 810 401d0f 808->810 810->809
                                                                                                                      APIs
                                                                                                                      • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Timeout
                                                                                                                      • String ID: !
                                                                                                                      • API String ID: 1777923405-2657877971
                                                                                                                      • Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                      • Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
                                                                                                                      • Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                      • Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98
                                                                                                                      APIs
                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 00402103
                                                                                                                        • Part of subcall function 0040559F: lstrlenW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00000000,00424420,771B23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                        • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00000000,00424420,771B23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                        • Part of subcall function 0040559F: lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00403418), ref: 004055FA
                                                                                                                        • Part of subcall function 0040559F: SetWindowTextW.USER32(C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\), ref: 0040560C
                                                                                                                        • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                        • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                        • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                      • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                      • String ID: (XR
                                                                                                                      • API String ID: 334405425-1041770958
                                                                                                                      • Opcode ID: 0bf0e5e813b2564cc7cfb612efcde4c797e71ce7d2922b3564d4c07743ad1514
                                                                                                                      • Instruction ID: d1cf9917c249e547a3b1759614bc69e8b445b1996c4dbd71fd6f6dd46acd7470
                                                                                                                      • Opcode Fuzzy Hash: 0bf0e5e813b2564cc7cfb612efcde4c797e71ce7d2922b3564d4c07743ad1514
                                                                                                                      • Instruction Fuzzy Hash: 2A21C231904104FACF11AFA5CE48A9D7A71BF48358F20413BF605B91E1DBBD8A82965D
                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                      • RegSetValueExW.KERNEL32(?,?,?,?,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                      • RegCloseKey.KERNEL32(?,?,?,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseValuelstrlen
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp
                                                                                                                      • API String ID: 2655323295-467897499
                                                                                                                      • Opcode ID: 3f2741e17913f4b3ae47e715a678bc9f1b76d5c80f35dbb4c6e867a5b8f0e772
                                                                                                                      • Instruction ID: a32c4fc66ba480c3aafb49ec1434dbeb720bd0d2787204a1d049ba7b64bbfaa1
                                                                                                                      • Opcode Fuzzy Hash: 3f2741e17913f4b3ae47e715a678bc9f1b76d5c80f35dbb4c6e867a5b8f0e772
                                                                                                                      • Instruction Fuzzy Hash: 8B118E71E00119BEEF10AFA5DE49EAEBAB8FF44358F15443AF504F61C1D7B88D40AA58
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                        • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,771B3420,?,C:\Users\user~1\AppData\Local\Temp\,00405C69,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                        • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                        • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                      • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,771B3420,?,C:\Users\user~1\AppData\Local\Temp\,00405C69,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                                                                      • GetFileAttributesW.KERNEL32(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,771B3420,?,C:\Users\user~1\AppData\Local\Temp\,00405C69,?,771B3420,C:\Users\user~1\AppData\Local\Temp\), ref: 00405F7D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                      • String ID: C:\$C:\Users\user~1\AppData\Local\Temp\
                                                                                                                      • API String ID: 3248276644-1077792641
                                                                                                                      • Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                      • Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
                                                                                                                      • Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                      • Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE
                                                                                                                      APIs
                                                                                                                      • GetTickCount.KERNEL32 ref: 0040607A
                                                                                                                      • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403810), ref: 00406095
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CountFileNameTempTick
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\$nsa
                                                                                                                      • API String ID: 1716503409-3083371207
                                                                                                                      • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                      • Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
                                                                                                                      • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                      • Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768
                                                                                                                      APIs
                                                                                                                      • GlobalFree.KERNEL32(00525828), ref: 00401C0B
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000804), ref: 00401C1D
                                                                                                                        • Part of subcall function 0040657A: lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                        • Part of subcall function 0040657A: lstrlenW.KERNEL32(00432EA0,00000000,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,?,004055D6,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00000000), ref: 00406779
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$AllocFreelstrcatlstrlen
                                                                                                                      • String ID: (XR$get
                                                                                                                      • API String ID: 3292104215-3994710463
                                                                                                                      • Opcode ID: f7499587b74b1f9cb3fce9f730428132cfcdd1475af0708a05741156e8f6fa82
                                                                                                                      • Instruction ID: 7c0f58a685d1fc6dd3685da305ee1819882fb4420ac17dc2787245939102450a
                                                                                                                      • Opcode Fuzzy Hash: f7499587b74b1f9cb3fce9f730428132cfcdd1475af0708a05741156e8f6fa82
                                                                                                                      • Instruction Fuzzy Hash: 1B21D872904210EBDB20AFA8EE84A5E73B4EB04715755063BF552F72D0D7B8AC414B9D
                                                                                                                      APIs
                                                                                                                      • FreeLibrary.KERNEL32(?,771B3420,00000000,C:\Users\user~1\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 00403B78
                                                                                                                      Strings
                                                                                                                      • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00403B57
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Free$GlobalLibrary
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\
                                                                                                                      • API String ID: 1100898210-2382934351
                                                                                                                      • Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                      • Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
                                                                                                                      • Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                      • Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC
                                                                                                                      APIs
                                                                                                                      • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                                                                      • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E4
                                                                                                                      • RegCloseKey.KERNEL32(?,?,?,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Enum$CloseValue
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 397863658-0
                                                                                                                      • Opcode ID: 89c6ceebaf26a2410158c75cc71a1e3b778611476644ea09d24f59567d4f9c93
                                                                                                                      • Instruction ID: 08080f496e1fbaad801da7c4a2f11cdf7a22a5a493a276a89d416976773fa01e
                                                                                                                      • Opcode Fuzzy Hash: 89c6ceebaf26a2410158c75cc71a1e3b778611476644ea09d24f59567d4f9c93
                                                                                                                      • Instruction Fuzzy Hash: 89017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61C0EBB85E44966D
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00406008: GetFileAttributesW.KERNEL32(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                        • Part of subcall function 00406008: SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                      • RemoveDirectoryW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C1C
                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C24
                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405C3C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1655745494-0
                                                                                                                      • Opcode ID: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                      • Instruction ID: 0274c5225d47ddc366315f3a2fda4b694ad97aa72442a0e2fcdbaf00fd257d87
                                                                                                                      • Opcode Fuzzy Hash: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                      • Instruction Fuzzy Hash: F4E0E53110CF9156E61457309E08F5F2AD8EF86715F05493EF892B10C0CBB848068E6A
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00405B63: ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                                                        • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                        • Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8
                                                                                                                      • FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ChangeCloseCodeExecuteExitFindNotificationObjectProcessShellSingleWait
                                                                                                                      • String ID: @
                                                                                                                      • API String ID: 4215836453-2766056989
                                                                                                                      • Opcode ID: e9e6b888b2ac62b7866e10c79cc816c8736e15ae282fdec460a2aeb23ba8a534
                                                                                                                      • Instruction ID: 706d8f23dd4fc365793d21c3b3cee38f3579e955c6bce5a1691758ef83551cc9
                                                                                                                      • Opcode Fuzzy Hash: e9e6b888b2ac62b7866e10c79cc816c8736e15ae282fdec460a2aeb23ba8a534
                                                                                                                      • Instruction Fuzzy Hash: 20115B71E042189ADB50EFB9CA49B8CB6F4BF04304F24447AE405F72C1EBBC89459B18
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(00000408,?,00000000,004040D1), ref: 00404490
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: x
                                                                                                                      • API String ID: 3850602802-2363233923
                                                                                                                      • Opcode ID: 6afabcb65d7cd0472edcecb82606307073186cf957424f1b3ed57c3b76b5cfb8
                                                                                                                      • Instruction ID: 1b38e0d23eed931a714c5b599c5829f4d2050063c4158495342b67dc2c27a344
                                                                                                                      • Opcode Fuzzy Hash: 6afabcb65d7cd0472edcecb82606307073186cf957424f1b3ed57c3b76b5cfb8
                                                                                                                      • Instruction Fuzzy Hash: 10C01271140200EACB004B00DE01F0A7A20B7A0B02F209039F381210B087B05422DB0C
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,771B3420,?,C:\Users\user~1\AppData\Local\Temp\,00405C69,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                        • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                        • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                      • GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                        • Part of subcall function 00405A6E: CreateDirectoryW.KERNEL32(?,?,C:\Users\user~1\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,00441000,?,00000000,000000F0), ref: 0040164D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2150014723.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150059223.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150339654.000000000046C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150339654.000000000046E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1892508949-0
                                                                                                                      • Opcode ID: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                                                                      • Instruction ID: 910f9ca0e916fbda017ea5bccd1daba2d9720f9cae8b5c5670dceb894c5ef12e
                                                                                                                      • Opcode Fuzzy Hash: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                                                                      • Instruction Fuzzy Hash: 3E11D031504110EBCF216FA5CD4099F36A0EF25369B28493BE945B52F1DA3E4A829A8E
                                                                                                                      APIs
                                                                                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                                                      • RegCloseKey.KERNEL32(?,?,?,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseQueryValue
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3356406503-0
                                                                                                                      • Opcode ID: 3fb0128ec3c0afb48f28764f09fc95c95f98cfbd5e462e7a9813c2ba4e742ed8
                                                                                                                      • Instruction ID: 3e5dab0bbcc9b7b4348569693e39c51bc0b27c59e8ea0ed6abb05ebc10b9b344
                                                                                                                      • Opcode Fuzzy Hash: 3fb0128ec3c0afb48f28764f09fc95c95f98cfbd5e462e7a9813c2ba4e742ed8
                                                                                                                      • Instruction Fuzzy Hash: 5F116D71900219EADF14DFA4DA589AE77B4FF04345B20443BE401B62C0E7B88A45EB5D
                                                                                                                      APIs
                                                                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                      • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3850602802-0
                                                                                                                      • Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                      • Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
                                                                                                                      • Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                      • Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C
                                                                                                                      APIs
                                                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                      • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$EnableShow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1136574915-0
                                                                                                                      • Opcode ID: 5ade1ed26a80a7dd8760c06c43378076533002221f41e68569be4ee1dd8de31a
                                                                                                                      • Instruction ID: ff95e9915c8c9942b49c08d49a5710ecdabad47c7be9b03b7ba0a01474a23479
                                                                                                                      • Opcode Fuzzy Hash: 5ade1ed26a80a7dd8760c06c43378076533002221f41e68569be4ee1dd8de31a
                                                                                                                      • Instruction Fuzzy Hash: E7E04872908211CFE705EBA4EE495AD77F4EF40325710497FE501F11D1DBB55D00965D
                                                                                                                      APIs
                                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseCreateHandleProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3712363035-0
                                                                                                                      • Opcode ID: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                                                      • Instruction ID: 0547baa0b497a95b6ed0e8f273b1969b1ac2c9598ef2001c301bcde660c6e2d6
                                                                                                                      • Opcode Fuzzy Hash: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                                                      • Instruction Fuzzy Hash: 3EE092B4600209BFEB10AB64AE49F7B7AACEB04704F004565BA51E61A1DB78E8158A78
                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                        • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                        • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                                                                        • Part of subcall function 0040689A: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2547128583-0
                                                                                                                      • Opcode ID: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                      • Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
                                                                                                                      • Opcode Fuzzy Hash: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                      • Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,0000000B,00000001), ref: 00402C14
                                                                                                                      • InvalidateRect.USER32(?), ref: 00402C24
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InvalidateMessageRectSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 909852535-0
                                                                                                                      • Opcode ID: 0509652848a83ac1d7feddac23dc24ced32f84c0220a85d8a6f2313ae5a63aab
                                                                                                                      • Instruction ID: 5efb85e177e5feb05262591b5578bbf68be0fc1facb886aaf0ec985341d6bcc2
                                                                                                                      • Opcode Fuzzy Hash: 0509652848a83ac1d7feddac23dc24ced32f84c0220a85d8a6f2313ae5a63aab
                                                                                                                      • Instruction Fuzzy Hash: CEE08C72700008FFEB01CBA4EE84DAEB779FB40315B00007AF502A00A0D7300D40DA28
                                                                                                                      APIs
                                                                                                                      • GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\Desktop\tKr6T60C1r.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                      • CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$AttributesCreate
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 415043291-0
                                                                                                                      • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                      • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                                                                      • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                      • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                                                                      APIs
                                                                                                                      • GetFileAttributesW.KERNEL32(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AttributesFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3188754299-0
                                                                                                                      • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                      • Instruction ID: c979a2e86073268fb5c10017c0603d576bb262e7e1663e1e1b2ee048d1a5e24b
                                                                                                                      • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                      • Instruction Fuzzy Hash: 34D012725041316FC2102728EF0C89BBF55EF643717014B35F9A5A22F0CB304C638A98
                                                                                                                      APIs
                                                                                                                      • CloseHandle.KERNEL32(FFFFFFFF,00403A5E,?), ref: 00403B1D
                                                                                                                      Strings
                                                                                                                      • C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\, xrefs: 00403B31
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseHandle
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\
                                                                                                                      • API String ID: 2962429428-3608763154
                                                                                                                      • Opcode ID: e86ec88962d2cddd060eb64ec5e150871475ae72b9f2b14f7d4b77a190cc5563
                                                                                                                      • Instruction ID: 74b342ff74dc5917d60848dc34610585f5de2c5243f802b65b47dd8438b48b4d
                                                                                                                      • Opcode Fuzzy Hash: e86ec88962d2cddd060eb64ec5e150871475ae72b9f2b14f7d4b77a190cc5563
                                                                                                                      • Instruction Fuzzy Hash: 5EC0123050470056D1646F749E4FE153B64AB4073EB600325B0F9B10F1CB3C5759895D
                                                                                                                      APIs
                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000,00403520,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                      • GetLastError.KERNEL32 ref: 00405AFF
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1375471231-0
                                                                                                                      • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                      • Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
                                                                                                                      • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                      • Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0040559F: lstrlenW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00000000,00424420,771B23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                        • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00000000,00424420,771B23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                        • Part of subcall function 0040559F: lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00403418), ref: 004055FA
                                                                                                                        • Part of subcall function 0040559F: SetWindowTextW.USER32(C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\), ref: 0040560C
                                                                                                                        • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                        • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                        • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                        • Part of subcall function 00405B20: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                        • Part of subcall function 00405B20: CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                      • FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                        • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                        • Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8
                                                                                                                        • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1543427666-0
                                                                                                                      APIs
                                                                                                                      • SetFilePointer.KERNEL32(00000000,?,00000000,?,?), ref: 004028AF
                                                                                                                        • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: FilePointerwsprintf
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 327478801-0
                                                                                                                      APIs
                                                                                                                      • RegCreateKeyExW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 00406401
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Create
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2289755597-0
                                                                                                                      APIs
                                                                                                                      • WriteFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: FileWrite
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3934441357-0
                                                                                                                      APIs
                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: FileRead
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2738559852-0
                                                                                                                      APIs
                                                                                                                      • RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00650000,00432EA0,?,00650000,?,00406438,?,00000000,00650000,00650000,00432EA0,?), ref: 004063CE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Open
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 71445658-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0040657A: lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                        • Part of subcall function 0040657A: lstrlenW.KERNEL32(00432EA0,00000000,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,?,004055D6,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00000000), ref: 00406779
                                                                                                                      • SetDlgItemTextW.USER32(?,?,00000000), ref: 004044B3
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ItemTextlstrcatlstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 281422827-0
                                                                                                                      • Opcode ID: 686190c6e4e1e5cc0914df72c0c951126eb576f2e70f28df627782bea9933419
                                                                                                                      • Instruction ID: 6ac98b26730712a62f5b3967fa7f39b4c61dbbfa6ef1674fce18da22a1fc1fc0
                                                                                                                      • Opcode Fuzzy Hash: 686190c6e4e1e5cc0914df72c0c951126eb576f2e70f28df627782bea9933419
                                                                                                                      • Instruction Fuzzy Hash: D3C08C35008200BFD641A714EC42F0FB7A8FFA031AF00C42EB05CA10D1C63494208A2A
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(00020456,00000000,00000000,00000000), ref: 004044F7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3850602802-0
                                                                                                                      • Opcode ID: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                      • Instruction ID: 729772cd993a62bf3dcd5a53f5ba0c6067f9c4589e443fe2cdcdd0dddf41cb53
                                                                                                                      • Opcode Fuzzy Hash: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                      • Instruction Fuzzy Hash: 74C04CB1740605BADA108B509D45F0677546750701F188429B641A50E0CA74E410D62C
                                                                                                                      APIs
                                                                                                                      • ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ExecuteShell
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 587946157-0
                                                                                                                      • Opcode ID: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                                                                      • Instruction ID: 155326c85e208380d9db810c36285a9e1b4200be200639c8195ffcf147e959ee
                                                                                                                      • Opcode Fuzzy Hash: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                                                                      • Instruction Fuzzy Hash: BEC092B2000200EFE301CF80CB09F067BE8AF54306F028068E185DA060C7788840CB29
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3850602802-0
                                                                                                                      • Opcode ID: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                      • Instruction ID: f9270ce27bc2d5d500308faa7c43699bdd9cec228278350af1c7ef3a72e6c056
                                                                                                                      • Opcode Fuzzy Hash: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                      • Instruction Fuzzy Hash: 4FB01235181A00FBDE514B00DE09F857E62F7E4701F058038F341240F0CBB200A4DB08
                                                                                                                      APIs
                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FilePointer
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 973152223-0
                                                                                                                      • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                      • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                      • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                      • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                      APIs
                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CallbackDispatcherUser
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2492992576-0
                                                                                                                      • Opcode ID: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                      • Instruction ID: 0db23a64e3c973129ccb7351ad80e5cfa0365495cc8a336c35755b545d17f2be
                                                                                                                      • Opcode Fuzzy Hash: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                      • Instruction Fuzzy Hash: 74A00275508601DBDE115B51DF09D057B71A7547017414579A18551034C6314461EB5D
                                                                                                                      APIs
                                                                                                                      • GetDlgItem.USER32(?,000003FB), ref: 004049D9
                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                                                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                                                                      • lstrcmpiW.KERNEL32(00432EA0,0042D268,00000000,?,?), ref: 00404AF1
                                                                                                                      • lstrcatW.KERNEL32(?,00432EA0), ref: 00404AFD
                                                                                                                      • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F
                                                                                                                        • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                                                                        • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,771B3420,C:\Users\user~1\AppData\Local\Temp\,?,00403508,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                        • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                        • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,771B3420,C:\Users\user~1\AppData\Local\Temp\,?,00403508,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                        • Part of subcall function 004067C4: CharPrevW.USER32(?,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,?,00403508,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                      • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                                                                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                                                                        • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                        • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                                                                        • Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                      Strings
                                                                                                                      • C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp, xrefs: 004049A3
                                                                                                                      • A, xrefs: 00404AAD
                                                                                                                      • C:\Users\user\PCAppStore, xrefs: 00404ADA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2150014723.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150059223.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150339654.000000000046C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150339654.000000000046E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                      • String ID: A$C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp$C:\Users\user\PCAppStore
                                                                                                                      • API String ID: 2624150263-1463265315
                                                                                                                      • Opcode ID: aac53df244383e2a07a9d2c6e377dc106276e891bc31ab3524a37a2d2ad96109
                                                                                                                      • Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
                                                                                                                      • Opcode Fuzzy Hash: aac53df244383e2a07a9d2c6e377dc106276e891bc31ab3524a37a2d2ad96109
                                                                                                                      • Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D
                                                                                                                      APIs
                                                                                                                      • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateInstance
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 542301482-0
                                                                                                                      • Opcode ID: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                                                      • Instruction ID: 5977cb51530078b600b156af0050786de557c4b464dd586e6a5beaa7a0440451
                                                                                                                      • Opcode Fuzzy Hash: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                                                      • Instruction Fuzzy Hash: A7411571A00208EFCF40DFE4C989E9D7BB5BF49348B20456AF905EB2D1DB799981CB94
                                                                                                                      APIs
                                                                                                                      • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileFindFirst
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1974802433-0
                                                                                                                      • Opcode ID: 23bc45f7dafbc09bf3d58dfb9668e04a20f74da7ffae18e0ad0b6f577034eb1d
                                                                                                                      • Instruction ID: 3f6fbcf0fd4d311cdd608d5f72697756ed96b8559223cd5d9f1c4d92bc61f1b3
                                                                                                                      • Opcode Fuzzy Hash: 23bc45f7dafbc09bf3d58dfb9668e04a20f74da7ffae18e0ad0b6f577034eb1d
                                                                                                                      • Instruction Fuzzy Hash: 3CF08271A04105EFD701DBA4ED49AAEB378FF14314F60417BE116F21D0E7B88E159B29
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                                                                      • Instruction ID: 3db1d01f4341fbbb805040525b4c18df43ce82c239752998d09602440244d977
                                                                                                                      • Opcode Fuzzy Hash: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                                                                      • Instruction Fuzzy Hash: FEE18A71A0070ADFCB24CF59D880BAABBF5FB44305F15852EE496A72D1D338AA91CF45
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                                                                      • Instruction ID: 4d3fc1c80ea15bf86cc2801d6424e98614acddb7a54358772128df9d71e60e61
                                                                                                                      • Opcode Fuzzy Hash: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                                                                      • Instruction Fuzzy Hash: C6C14871E042599BCF18CF68C8905EEBBB2BF88314F25866AD85677380D7347941CF95
                                                                                                                      APIs
                                                                                                                      • GetDlgItem.USER32(?,000003F9), ref: 00404F1E
                                                                                                                      • GetDlgItem.USER32(?,00000408), ref: 00404F29
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                                                                      • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
                                                                                                                      • SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                                                                      • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                                                                      • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                                                                      • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00405000
                                                                                                                      • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                                                                      • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                                                                      • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                                                                        • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                                                                                                                      • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                                                                      • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                                                                      • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                                                                      • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                                                                      • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                                                                      • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 00405340
                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                                                                      • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                                                                      • GetDlgItem.USER32(?,000003FE), ref: 004054F5
                                                                                                                      • ShowWindow.USER32(00000000), ref: 004054FC
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2150014723.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150059223.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150339654.000000000046C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150339654.000000000046E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                      • String ID: $M$N
                                                                                                                      • API String ID: 2564846305-813528018
                                                                                                                      • Opcode ID: dd942b7cbeaa18c8cf4828e28d43e61687b6a80dcb186ef465745c56d9013c5d
                                                                                                                      • Instruction ID: 669472b6e39b4296dbb294a81ed98d86f32f22d8abeb4cff7518c6a892085abf
                                                                                                                      • Opcode Fuzzy Hash: dd942b7cbeaa18c8cf4828e28d43e61687b6a80dcb186ef465745c56d9013c5d
                                                                                                                      • Instruction Fuzzy Hash: EF028A70900608EFDB20DFA9DD45AAF7BB5FB84314F10817AE610BA2E0D7799942DF58
                                                                                                                      APIs
                                                                                                                      • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 0040470A
                                                                                                                      • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                                                                      • GetSysColor.USER32(?), ref: 00404738
                                                                                                                      • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                                                                      • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                                                                      • lstrlenW.KERNEL32(?), ref: 00404759
                                                                                                                      • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                                                                      • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                                                                      • GetDlgItem.USER32(?,0000040A), ref: 004047D4
                                                                                                                      • SendMessageW.USER32(00000000), ref: 004047DB
                                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404806
                                                                                                                      • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                                                                      • SetCursor.USER32(00000000), ref: 0040485A
                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                                                                      • SetCursor.USER32(00000000), ref: 00404876
                                                                                                                      • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                      • String ID: N
                                                                                                                      • API String ID: 3103080414-1130791706
                                                                                                                      • Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                      • Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
                                                                                                                      • Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                      • Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98
                                                                                                                      APIs
                                                                                                                      • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                      • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                      • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                      • String ID: F
                                                                                                                      • API String ID: 941294808-1304234792
                                                                                                                      • Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                      • Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
                                                                                                                      • Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                      • Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                                                                                                                      APIs
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                                                      • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                                                        • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                        • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                      • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                                                                      • wsprintfA.USER32 ref: 00406202
                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                                                      • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 004062EB
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                                                                        • Part of subcall function 0040602D: GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\Desktop\tKr6T60C1r.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                        • Part of subcall function 0040602D: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                      • String ID: %ls=%ls$[Rename]
                                                                                                                      • API String ID: 2171350718-461813615
                                                                                                                      • Opcode ID: 6dbc896bee28fc2cd17c6beb7c7e3b01e9a95bb407788db3ff507c40593cf796
                                                                                                                      • Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
                                                                                                                      • Opcode Fuzzy Hash: 6dbc896bee28fc2cd17c6beb7c7e3b01e9a95bb407788db3ff507c40593cf796
                                                                                                                      • Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D
                                                                                                                      APIs
                                                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                                                                      • GetSysColor.USER32(00000000), ref: 0040455B
                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                                                                      • SetBkMode.GDI32(?,?), ref: 00404573
                                                                                                                      • GetSysColor.USER32(?), ref: 00404586
                                                                                                                      • SetBkColor.GDI32(?,?), ref: 00404596
                                                                                                                      • DeleteObject.GDI32(?), ref: 004045B0
                                                                                                                      • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2150014723.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150059223.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150075402.0000000000442000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150339654.000000000046C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.2150339654.000000000046E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2320649405-0
                                                                                                                      • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                      • Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
                                                                                                                      • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                      • Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54
                                                                                                                      APIs
                                                                                                                      • CharNextW.USER32(?,*?|<>/":,00000000,00000000,771B3420,C:\Users\user~1\AppData\Local\Temp\,?,00403508,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                      • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                      • CharNextW.USER32(?,00000000,771B3420,C:\Users\user~1\AppData\Local\Temp\,?,00403508,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                      • CharPrevW.USER32(?,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,?,00403508,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Char$Next$Prev
                                                                                                                      • String ID: *?|<>/":$C:\Users\user~1\AppData\Local\Temp\
                                                                                                                      • API String ID: 589700163-1439852002
                                                                                                                      • Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                      • Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
                                                                                                                      • Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                      • Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                                                                      • GetMessagePos.USER32 ref: 00404E77
                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00404E91
                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Message$Send$ClientScreen
                                                                                                                      • String ID: f
                                                                                                                      • API String ID: 41195575-1993550816
                                                                                                                      • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                      • Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
                                                                                                                      • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                      • Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5
                                                                                                                      APIs
                                                                                                                      • GetDC.USER32(?), ref: 00401E51
                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                      • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                        • Part of subcall function 0040657A: lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                        • Part of subcall function 0040657A: lstrlenW.KERNEL32(00432EA0,00000000,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,?,004055D6,C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\,00000000), ref: 00406779
                                                                                                                      • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                      • String ID: MS Shell Dlg
                                                                                                                      • API String ID: 2584051700-76309092
                                                                                                                      • Opcode ID: 7613f5a947f4bbf8195753a17fba9eaca46e1d6fc564812dac8d5fa739d0f051
                                                                                                                      • Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
                                                                                                                      • Opcode Fuzzy Hash: 7613f5a947f4bbf8195753a17fba9eaca46e1d6fc564812dac8d5fa739d0f051
                                                                                                                      • Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED
                                                                                                                      APIs
                                                                                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                      • MulDiv.KERNEL32(0001ACC2,00000064,0001D630), ref: 00402FDC
                                                                                                                      • wsprintfW.USER32 ref: 00402FEC
                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                                                                      • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                                                                      Strings
                                                                                                                      • verifying installer: %d%%, xrefs: 00402FE6
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                      • String ID: verifying installer: %d%%
                                                                                                                      • API String ID: 1451636040-82062127
                                                                                                                      • Opcode ID: 34baaeb4f482044ab67dd7918236f7f229881b82dd6befd7adca30260b95ec65
                                                                                                                      • Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
                                                                                                                      • Opcode Fuzzy Hash: 34baaeb4f482044ab67dd7918236f7f229881b82dd6befd7adca30260b95ec65
                                                                                                                      • Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69
                                                                                                                      APIs
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                      • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2667972263-0
                                                                                                                      • Opcode ID: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
                                                                                                                      • Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
                                                                                                                      • Opcode Fuzzy Hash: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
                                                                                                                      • Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8
                                                                                                                      APIs
                                                                                                                      • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseEnum$DeleteValue
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1354259210-0
                                                                                                                      • Opcode ID: 8cb330a57336db5e00a931244e28e0c1e8cbbd051d222c2bd1499622aecedac4
                                                                                                                      • Instruction ID: ca6229ec891c5908b4c2d3bab14ae3db7b9396451d72a40731f1c02386a45f13
                                                                                                                      • Opcode Fuzzy Hash: 8cb330a57336db5e00a931244e28e0c1e8cbbd051d222c2bd1499622aecedac4
                                                                                                                      • Instruction Fuzzy Hash: DA215A7150010ABBEF119F90CE89EEF7B7DEB50384F100076F909B21A0D7B49E54AA68
                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                      • wsprintfW.USER32 ref: 00404DF0
                                                                                                                      • SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                                                      • String ID: %u.%u%s%s
                                                                                                                      • API String ID: 3540041739-3551169577
                                                                                                                      • Opcode ID: f5c410226751388561f0977026f7bc113d9509f0ffdd9d2834ff72966f8c02b6
                                                                                                                      • Instruction ID: d7f2b51e3f2153b105aad6c1cbcae815e44f670c765de83d30fbb221df5484fa
                                                                                                                      • Opcode Fuzzy Hash: f5c410226751388561f0977026f7bc113d9509f0ffdd9d2834ff72966f8c02b6
                                                                                                                      • Instruction Fuzzy Hash: AC11D573A041283BDB10656DAC45E9E369CAF81334F254237FA66F21D1EA78D91182E8
                                                                                                                      APIs
                                                                                                                      • CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,771B3420,?,C:\Users\user~1\AppData\Local\Temp\,00405C69,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                      • CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                      • CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CharNext
                                                                                                                      • String ID: C:\
                                                                                                                      • API String ID: 3213498283-3404278061
                                                                                                                      • Opcode ID: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                      • Instruction ID: b7f7aa27055ddc775a1b47344aef2f77b81fec2ea34db2f3ccdabfa21b6bce3d
                                                                                                                      • Opcode Fuzzy Hash: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                      • Instruction Fuzzy Hash: 7BF0F631810E1296DB317B548C44E7B97BCEB64354B04843BD741B71C0D3BC8D808BDA
                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\,0040351A,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403810), ref: 00405E12
                                                                                                                      • CharPrevW.USER32(?,00000000,?,C:\Users\user~1\AppData\Local\Temp\,0040351A,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403810), ref: 00405E1C
                                                                                                                      • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                                                                                                                      Strings
                                                                                                                      • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405E0C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CharPrevlstrcatlstrlen
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\
                                                                                                                      • API String ID: 2659869361-2382934351
                                                                                                                      • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                      • Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
                                                                                                                      • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                      • Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD
                                                                                                                      APIs
                                                                                                                      • lstrlenA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\inetc.dll), ref: 00402695
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrlen
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp$C:\Users\user~1\AppData\Local\Temp\nshAA58.tmp\inetc.dll
                                                                                                                      • API String ID: 1659193697-3701967254
                                                                                                                      • Opcode ID: fbd5ee5e4de60feb08ffa62b35b3018c7a91bb86716aa8782bbd76b946f17d50
                                                                                                                      • Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
                                                                                                                      • Opcode Fuzzy Hash: fbd5ee5e4de60feb08ffa62b35b3018c7a91bb86716aa8782bbd76b946f17d50
                                                                                                                      • Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E
                                                                                                                      APIs
                                                                                                                      • DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                                                                                                                      • GetTickCount.KERNEL32 ref: 0040304A
                                                                                                                      • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
                                                                                                                      • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2102729457-0
                                                                                                                      • Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                      • Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
                                                                                                                      • Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                      • Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D
                                                                                                                      APIs
                                                                                                                      • IsWindowVisible.USER32(?), ref: 00405542
                                                                                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                                                                                                                        • Part of subcall function 004044E5: SendMessageW.USER32(00020456,00000000,00000000,00000000), ref: 004044F7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3748168415-3916222277
                                                                                                                      • Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                      • Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
                                                                                                                      • Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                      • Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69
                                                                                                                      APIs
                                                                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                      • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
                                                                                                                      • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2150042024.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_tKr6T60C1r.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 190613189-0
                                                                                                                      • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                      • Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
                                                                                                                      • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                      • Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:7.7%
                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                      Signature Coverage:1.9%
                                                                                                                      Total number of Nodes:1494
                                                                                                                      Total number of Limit Nodes:53
15051->15052 15054 402bb2 15052->15054 15055 402b6e 15053->15055 15056 402da6 17 API calls 15054->15056 15057 402d84 17 API calls 15055->15057 15058 402bbb 15056->15058 15062 402b7a 15057->15062 15058->15059 15060 402bbf IIDFromString 15058->15060 15060->15059 15061 402bce 15060->15061 15061->15059 15067 406668 lstrcpynW 15061->15067 15066 4065af wsprintfW 15062->15066 15064 402beb CoTaskMemFree 15064->15059 15066->15059 15067->15064 13947 402a5b 13948 402d84 17 API calls 13947->13948 13949 402a61 13948->13949 13950 402aa4 13949->13950 13951 402a88 13949->13951 13958 40292e 13949->13958 13954 402abe 13950->13954 13955 402aae 13950->13955 13952 402a8d 13951->13952 13953 402a9e 13951->13953 13961 406668 lstrcpynW 13952->13961 13953->13958 13962 4065af wsprintfW 13953->13962 13957 4066a5 17 API calls 13954->13957 13956 402d84 17 API calls 13955->13956 13956->13953 13957->13953 13961->13958 13962->13958 13491 40175c 13492 402da6 17 API calls 13491->13492 13493 401763 13492->13493 13494 406187 2 API calls 13493->13494 13495 40176a 13494->13495 13496 406187 2 API calls 13495->13496 13496->13495 15079 401563 15080 402ba4 15079->15080 15083 4065af wsprintfW 15080->15083 15082 402ba9 15083->15082 15102 401968 15103 402d84 17 API calls 15102->15103 15104 40196f 15103->15104 15105 402d84 17 API calls 15104->15105 15106 40197c 15105->15106 15107 402da6 17 API calls 15106->15107 15108 401993 lstrlenW 15107->15108 15110 4019a4 15108->15110 15109 4019e5 15110->15109 15114 406668 lstrcpynW 15110->15114 15112 4019d5 15112->15109 15113 4019da lstrlenW 15112->15113 15113->15109 15114->15112 12819 40176f 12820 402da6 17 API calls 12819->12820 12821 401776 12820->12821 12822 401796 12821->12822 12823 40179e 12821->12823 12858 406668 lstrcpynW 12822->12858 12859 406668 lstrcpynW 12823->12859 12826 40179c 12830 4068ef 5 API calls 12826->12830 12827 4017a9 12828 405f37 3 API calls 12827->12828 12829 4017af lstrcatW 12828->12829 12829->12826 12845 4017bb 12830->12845 12831 40699e 2 API 
calls 12831->12845 12832 406133 2 API calls 12832->12845 12834 4017cd CompareFileTime 12834->12845 12835 40188d 12836 4056ca 24 API calls 12835->12836 12837 401897 12836->12837 12840 403371 44 API calls 12837->12840 12838 4056ca 24 API calls 12847 401879 12838->12847 12839 406668 lstrcpynW 12839->12845 12841 4018aa 12840->12841 12842 4018be SetFileTime 12841->12842 12844 4018d0 FindCloseChangeNotification 12841->12844 12842->12844 12843 4066a5 17 API calls 12843->12845 12846 4018e1 12844->12846 12844->12847 12845->12831 12845->12832 12845->12834 12845->12835 12845->12839 12845->12843 12852 405cc8 MessageBoxIndirectW 12845->12852 12855 401864 12845->12855 12857 406158 GetFileAttributesW CreateFileW 12845->12857 12848 4018e6 12846->12848 12849 4018f9 12846->12849 12850 4066a5 17 API calls 12848->12850 12851 4066a5 17 API calls 12849->12851 12853 4018ee lstrcatW 12850->12853 12854 401901 12851->12854 12852->12845 12853->12854 12854->12847 12856 405cc8 MessageBoxIndirectW 12854->12856 12855->12838 12855->12847 12856->12847 12857->12845 12858->12826 12859->12827 15460 40190c 15461 401943 15460->15461 15462 402da6 17 API calls 15461->15462 15463 401948 15462->15463 15464 405d74 67 API calls 15463->15464 15465 401951 15464->15465 13497 7017474b 13498 7017475e 13497->13498 13502 70174767 13497->13502 13506 7017478f 13498->13506 13527 70172c7e 13498->13527 13502->13498 13502->13506 13507 70174693 13502->13507 13503 701747af 13505 70174693 77 API calls 13503->13505 13503->13506 13504 70174693 77 API calls 13504->13503 13505->13506 13508 7017469a GetVersion 13507->13508 13512 70174718 13507->13512 13530 70177a9e HeapCreate 13508->13530 13510 701746ac 13511 70174712 13510->13511 13513 701746b5 GetCommandLineA 13510->13513 13511->13498 13512->13511 13514 7017473b 13512->13514 13601 70177867 13512->13601 13542 70178077 13513->13542 13604 70177d4e 13514->13604 13522 701746fd 13579 70177e2a 13522->13579 13524 70174702 13588 70177d71 13524->13588 13526 70174707 13526->13511 13817 
70172bd3 13527->13817 13529 70172c97 13529->13503 13529->13504 13529->13506 13531 70177af4 13530->13531 13532 70177abe 13530->13532 13531->13510 13615 70177956 13532->13615 13535 70177acd 13627 701799ef HeapAlloc 13535->13627 13536 70177ada 13538 70177af7 13536->13538 13629 7017a240 13536->13629 13538->13510 13539 70177ad7 13539->13538 13541 70177ae8 HeapDestroy 13539->13541 13541->13531 13543 701780c5 13542->13543 13544 70178092 GetEnvironmentStringsW 13542->13544 13546 7017809a 13543->13546 13547 701780b6 13543->13547 13545 701780a6 GetEnvironmentStrings 13544->13545 13544->13546 13545->13547 13551 701746f3 13545->13551 13548 701780d2 GetEnvironmentStringsW 13546->13548 13549 701780de 13546->13549 13547->13551 13552 70178164 13547->13552 13553 70178158 GetEnvironmentStrings 13547->13553 13548->13549 13548->13551 13549->13549 13550 701780f3 WideCharToMultiByte 13549->13550 13554 70178144 FreeEnvironmentStringsW 13550->13554 13555 70178112 13550->13555 13565 70177ba3 13551->13565 13556 7017a864 12 API calls 13552->13556 13553->13551 13553->13552 13554->13551 13692 7017a864 13555->13692 13563 7017817f 13556->13563 13559 70178121 WideCharToMultiByte 13561 70178132 13559->13561 13562 7017813b 13559->13562 13560 70178195 FreeEnvironmentStringsA 13560->13551 13695 7017a916 13561->13695 13562->13554 13563->13560 13566 7017a864 12 API calls 13565->13566 13567 70177bb4 13566->13567 13570 70177bc2 GetStartupInfoA 13567->13570 13762 701747e8 13567->13762 13576 70177cd3 13570->13576 13578 70177c0e 13570->13578 13571 70177d3a SetHandleCount 13571->13522 13572 70177cfa GetStdHandle 13574 70177d08 GetFileType 13572->13574 13572->13576 13573 7017a864 12 API calls 13573->13578 13574->13576 13575 70177c7f 13575->13576 13577 70177ca1 GetFileType 13575->13577 13576->13571 13576->13572 13577->13575 13578->13573 13578->13575 13578->13576 13580 70177e41 GetModuleFileNameA 13579->13580 13581 70177e3c 13579->13581 13583 70177e64 13580->13583 13788 7017ad43 13581->13788 13584 7017a864 12 
API calls 13583->13584 13585 70177e85 13584->13585 13586 70177e95 13585->13586 13587 701747e8 7 API calls 13585->13587 13586->13524 13587->13586 13589 70177d7e 13588->13589 13591 70177d83 13588->13591 13590 7017ad43 19 API calls 13589->13590 13590->13591 13592 7017a864 12 API calls 13591->13592 13593 70177db0 13592->13593 13595 701747e8 7 API calls 13593->13595 13600 70177dc4 13593->13600 13594 70177e07 13596 7017a916 7 API calls 13594->13596 13595->13600 13597 70177e13 13596->13597 13597->13526 13598 7017a864 12 API calls 13598->13600 13599 701747e8 7 API calls 13599->13600 13600->13594 13600->13598 13600->13599 13812 70177876 13601->13812 13605 70177d54 13604->13605 13606 7017a916 7 API calls 13605->13606 13607 70174740 13605->13607 13606->13605 13608 70177afb 13607->13608 13610 70177b07 13608->13610 13612 70177b6d 13608->13612 13609 70177b59 HeapFree 13611 70177b94 HeapDestroy 13609->13611 13610->13609 13613 70177b27 VirtualFree VirtualFree HeapFree 13610->13613 13611->13511 13612->13611 13614 70177b80 VirtualFree 13612->13614 13613->13609 13613->13613 13614->13612 13638 701799c0 13615->13638 13618 7017797f 13619 70177999 GetEnvironmentVariableA 13618->13619 13621 70177991 13618->13621 13620 70177a76 13619->13620 13623 701779b8 13619->13623 13620->13621 13643 70177929 GetModuleHandleA 13620->13643 13621->13535 13621->13536 13624 701779fd GetModuleFileNameA 13623->13624 13625 701779f5 13623->13625 13624->13625 13625->13620 13640 7017960a 13625->13640 13628 70179a0b 13627->13628 13628->13539 13630 7017a254 HeapAlloc 13629->13630 13631 7017a24d 13629->13631 13632 7017a271 VirtualAlloc 13630->13632 13637 7017a2a9 13630->13637 13631->13632 13633 7017a366 13632->13633 13634 7017a291 VirtualAlloc 13632->13634 13635 7017a36e HeapFree 13633->13635 13633->13637 13636 7017a358 VirtualFree 13634->13636 13634->13637 13635->13637 13636->13633 13637->13539 13637->13637 13639 70177963 GetVersionExA 13638->13639 13639->13618 13639->13619 13645 70179621 13640->13645 13644 
70177940 13643->13644 13644->13621 13647 70179639 13645->13647 13648 70179669 13647->13648 13652 70178408 13647->13652 13649 70178408 6 API calls 13648->13649 13651 7017961d 13648->13651 13656 7017c37b 13648->13656 13649->13648 13651->13620 13653 70178426 13652->13653 13655 7017841a 13652->13655 13662 7017b21e 13653->13662 13655->13647 13657 7017c3a6 13656->13657 13661 7017c389 13656->13661 13658 7017c3c2 13657->13658 13659 70178408 6 API calls 13657->13659 13658->13661 13674 7017b367 13658->13674 13659->13658 13661->13648 13663 7017b24f GetStringTypeW 13662->13663 13664 7017b267 13662->13664 13663->13664 13667 7017b26b GetStringTypeA 13663->13667 13665 7017b2b6 13664->13665 13666 7017b292 GetStringTypeA 13664->13666 13668 7017b353 13665->13668 13670 7017b2cc MultiByteToWideChar 13665->13670 13666->13668 13667->13664 13667->13668 13668->13655 13670->13668 13671 7017b2f0 13670->13671 13671->13668 13672 7017b32a MultiByteToWideChar 13671->13672 13672->13668 13673 7017b343 GetStringTypeW 13672->13673 13673->13668 13675 7017b397 LCMapStringW 13674->13675 13676 7017b3b3 13674->13676 13675->13676 13677 7017b3bb LCMapStringA 13675->13677 13678 7017b3fc LCMapStringA 13676->13678 13679 7017b419 13676->13679 13677->13676 13685 7017b4f5 13677->13685 13678->13685 13680 7017b42f MultiByteToWideChar 13679->13680 13679->13685 13681 7017b459 13680->13681 13680->13685 13682 7017b48f MultiByteToWideChar 13681->13682 13681->13685 13683 7017b4a8 LCMapStringW 13682->13683 13682->13685 13684 7017b4c3 13683->13684 13683->13685 13686 7017b4c9 13684->13686 13687 7017b509 13684->13687 13685->13661 13686->13685 13688 7017b4d7 LCMapStringW 13686->13688 13687->13685 13689 7017b541 LCMapStringW 13687->13689 13688->13685 13689->13685 13690 7017b559 WideCharToMultiByte 13689->13690 13690->13685 13706 7017a876 13692->13706 13696 7017a922 13695->13696 13704 7017a93e 13695->13704 13697 7017a92c 13696->13697 13701 7017a942 13696->13701 13699 7017a96e HeapFree 13697->13699 13700 7017a938 13697->13700 
13698 7017a96d 13698->13699 13699->13704 13743 70179a62 13700->13743 13701->13698 13703 7017a95c 13701->13703 13749 7017a4f3 13703->13749 13704->13562 13707 70178118 13706->13707 13709 7017a87d 13706->13709 13707->13554 13707->13559 13709->13707 13710 7017a8a2 13709->13710 13711 7017a8b1 13710->13711 13713 7017a8c6 13710->13713 13718 7017a8bf 13711->13718 13719 70179d8b 13711->13719 13714 7017a905 HeapAlloc 13713->13714 13713->13718 13725 7017a538 13713->13725 13715 7017a914 13714->13715 13715->13709 13716 7017a8c4 13716->13709 13718->13714 13718->13715 13718->13716 13723 70179dbd 13719->13723 13720 70179e5c 13722 70179e6b 13720->13722 13739 7017a145 13720->13739 13722->13718 13723->13720 13723->13722 13732 7017a094 13723->13732 13730 7017a546 13725->13730 13726 7017a632 VirtualAlloc 13731 7017a603 13726->13731 13727 7017a707 13728 7017a240 5 API calls 13727->13728 13728->13731 13730->13726 13730->13727 13730->13731 13731->13718 13733 7017a0d7 HeapAlloc 13732->13733 13734 7017a0a7 HeapReAlloc 13732->13734 13735 7017a127 13733->13735 13736 7017a0fd VirtualAlloc 13733->13736 13734->13735 13737 7017a0c6 13734->13737 13735->13720 13736->13735 13738 7017a117 HeapFree 13736->13738 13737->13733 13738->13735 13740 7017a157 VirtualAlloc 13739->13740 13742 7017a1a0 13740->13742 13742->13722 13744 70179aa0 13743->13744 13748 70179d56 13743->13748 13745 70179c9c VirtualFree 13744->13745 13744->13748 13746 70179d00 13745->13746 13747 70179d0f VirtualFree HeapFree 13746->13747 13746->13748 13747->13748 13748->13704 13750 7017a536 13749->13750 13751 7017a520 13749->13751 13750->13704 13751->13750 13753 7017a3da 13751->13753 13755 7017a3e7 13753->13755 13754 7017a497 13754->13750 13755->13754 13756 7017a408 VirtualFree 13755->13756 13758 7017a384 VirtualFree 13755->13758 13756->13755 13759 7017a3a1 13758->13759 13760 7017a3d1 13759->13760 13761 7017a3b1 HeapFree 13759->13761 13760->13755 13761->13755 13763 701747f2 13762->13763 13765 70174804 13763->13765 13768 701781a9 
13763->13768 13774 701781e2 13765->13774 13769 701781b3 13768->13769 13770 701781e2 7 API calls 13769->13770 13773 701781e0 13769->13773 13771 701781ca 13770->13771 13772 701781e2 7 API calls 13771->13772 13772->13773 13773->13765 13776 701781f5 13774->13776 13775 7017480d 13775->13570 13776->13775 13777 7017830c 13776->13777 13778 70178235 13776->13778 13779 7017831f GetStdHandle WriteFile 13777->13779 13778->13775 13780 70178241 GetModuleFileNameA 13778->13780 13779->13775 13781 70178259 13780->13781 13783 7017b095 13781->13783 13784 7017b0a2 LoadLibraryA 13783->13784 13786 7017b0e4 13783->13786 13785 7017b0b3 GetProcAddress 13784->13785 13784->13786 13785->13786 13787 7017b0ca GetProcAddress GetProcAddress 13785->13787 13786->13775 13787->13786 13789 7017ad53 13788->13789 13790 7017ad4c 13788->13790 13789->13580 13792 7017a97f 13790->13792 13799 7017ab18 13792->13799 13794 7017ab0c 13794->13789 13797 7017a9c2 GetCPInfo 13798 7017a9d6 13797->13798 13798->13794 13804 7017abbe GetCPInfo 13798->13804 13800 7017ab38 13799->13800 13801 7017ab28 GetOEMCP 13799->13801 13802 7017a990 13800->13802 13803 7017ab3d GetACP 13800->13803 13801->13800 13802->13794 13802->13797 13802->13798 13803->13802 13807 7017abe1 13804->13807 13811 7017aca9 13804->13811 13805 7017b21e 6 API calls 13806 7017ac5d 13805->13806 13808 7017b367 9 API calls 13806->13808 13807->13805 13809 7017ac81 13808->13809 13810 7017b367 9 API calls 13809->13810 13810->13811 13811->13794 13813 70177882 GetCurrentProcess TerminateProcess 13812->13813 13816 70177893 13812->13816 13813->13816 13814 70177872 13814->13514 13815 701778fd ExitProcess 13816->13814 13816->13815 13818 70172c16 13817->13818 13821 70172be0 13817->13821 13825 70171888 13818->13825 13820 70172c22 13822 70172c4b 13820->13822 13823 70171888 4 API calls 13820->13823 13821->13529 13822->13821 13824 70171888 4 API calls 13822->13824 13823->13820 13824->13822 13827 70171895 13825->13827 13830 701718fb 13825->13830 13828 701718ef GlobalFree 
13827->13828 13829 701718ca GlobalFree 13827->13829 13831 70171888 GlobalFree GlobalFree 13827->13831 13832 70171847 13827->13832 13828->13827 13828->13830 13829->13828 13830->13820 13831->13827 13833 70171885 13832->13833 13835 70171853 13832->13835 13833->13827 13834 70171877 GlobalFree GlobalFree 13834->13833 13835->13834 13836 70171888 2 API calls 13835->13836 13836->13835 14358 40261c 14359 402da6 17 API calls 14358->14359 14360 402623 14359->14360 14363 406158 GetFileAttributesW CreateFileW 14360->14363 14362 40262f 14363->14362 12783 40252a 12794 402de6 12783->12794 12786 402da6 17 API calls 12787 40253d 12786->12787 12788 402548 RegQueryValueExW 12787->12788 12792 40292e 12787->12792 12789 40256e RegCloseKey 12788->12789 12790 402568 12788->12790 12789->12792 12790->12789 12799 4065af wsprintfW 12790->12799 12795 402da6 17 API calls 12794->12795 12796 402dfd 12795->12796 12797 4064d5 RegOpenKeyExW 12796->12797 12798 402534 12797->12798 12798->12786 12799->12789 12816 70142a7f 12817 70142acf 12816->12817 12818 70142a8f VirtualProtect 12816->12818 12818->12817 14601 40263e 14602 402652 14601->14602 14603 40266d 14601->14603 14604 402d84 17 API calls 14602->14604 14605 402672 14603->14605 14606 40269d 14603->14606 14615 402659 14604->14615 14608 402da6 17 API calls 14605->14608 14607 402da6 17 API calls 14606->14607 14609 4026a4 lstrlenW 14607->14609 14610 402679 14608->14610 14609->14615 14618 40668a WideCharToMultiByte 14610->14618 14612 40268d lstrlenA 14612->14615 14613 4026e7 14614 4026d1 14614->14613 14616 40620a WriteFile 14614->14616 14615->14613 14615->14614 14619 406239 SetFilePointer 14615->14619 14616->14613 14618->14612 14620 406255 14619->14620 14621 40626d 14619->14621 14622 4061db ReadFile 14620->14622 14621->14614 14623 406261 14622->14623 14623->14621 14624 406276 SetFilePointer 14623->14624 14625 40629e SetFilePointer 14623->14625 14624->14625 14626 406281 14624->14626 14625->14621 14627 40620a WriteFile 14626->14627 14627->14621 12707 
4015c1 12708 402da6 17 API calls 12707->12708 12709 4015c8 12708->12709 12710 405fe2 4 API calls 12709->12710 12722 4015d1 12710->12722 12711 401631 12713 401663 12711->12713 12714 401636 12711->12714 12712 405f64 CharNextW 12712->12722 12717 401423 24 API calls 12713->12717 12726 401423 12714->12726 12723 40165b 12717->12723 12719 405c16 2 API calls 12719->12722 12720 405c33 5 API calls 12720->12722 12721 40164a SetCurrentDirectoryW 12721->12723 12722->12711 12722->12712 12722->12719 12722->12720 12724 401617 GetFileAttributesW 12722->12724 12725 405b99 4 API calls 12722->12725 12724->12722 12725->12722 12727 4056ca 24 API calls 12726->12727 12728 401431 12727->12728 12729 406668 lstrcpynW 12728->12729 12729->12721 14709 4016cc 14710 402da6 17 API calls 14709->14710 14711 4016d2 GetFullPathNameW 14710->14711 14712 40170e 14711->14712 14713 4016ec 14711->14713 14714 401723 GetShortPathNameW 14712->14714 14715 402c2a 14712->14715 14713->14712 14716 40699e 2 API calls 14713->14716 14714->14715 14717 4016fe 14716->14717 14717->14712 14719 406668 lstrcpynW 14717->14719 14719->14712 12917 4020d8 12918 40219c 12917->12918 12919 4020ea 12917->12919 12921 401423 24 API calls 12918->12921 12920 402da6 17 API calls 12919->12920 12922 4020f1 12920->12922 12928 4022f6 12921->12928 12923 402da6 17 API calls 12922->12923 12924 4020fa 12923->12924 12925 402110 LoadLibraryExW 12924->12925 12926 402102 GetModuleHandleW 12924->12926 12925->12918 12927 402121 12925->12927 12926->12925 12926->12927 12942 406aa4 12927->12942 12931 402132 12933 402151 12931->12933 12934 40213a 12931->12934 12932 40216b 12935 4056ca 24 API calls 12932->12935 12947 70404446 12933->12947 12988 7040431d 12933->12988 13013 70141817 12933->13013 12937 401423 24 API calls 12934->12937 12936 402142 12935->12936 12936->12928 12938 40218e FreeLibrary 12936->12938 12937->12936 12938->12928 13055 40668a WideCharToMultiByte 12942->13055 12944 406ac1 12945 406ac8 GetProcAddress 12944->12945 12946 40212c 12944->12946 
12945->12946 12946->12931 12946->12932 12948 70404479 GlobalAlloc 12947->12948 12949 70404491 GlobalAlloc 12948->12949 12950 704045a3 12948->12950 12951 704044a7 12949->12951 12952 70404598 GlobalFree 12949->12952 12950->12936 13056 7040414a 12951->13056 12952->12950 12956 7040458f GlobalFree 12956->12952 12957 704044d6 lstrcmpiW 12958 704044c8 12957->12958 12959 704044eb lstrcmpiW 12957->12959 12958->12957 12961 7040455f 12958->12961 12969 70404b73 2 API calls 12958->12969 12977 70404532 12958->12977 12962 70404636 12959->12962 12963 704044fb lstrcmpiW 12959->12963 12960 7040457f 13142 70401558 12960->13142 12961->12956 12961->12960 12972 7040458d 12961->12972 13135 70402a75 12961->13135 12965 70404b73 2 API calls 12962->12965 12966 7040450b lstrcmpiW 12963->12966 12967 704045fd 12963->12967 12980 7040461d 12965->12980 12970 7040451b lstrcmpiW 12966->12970 12971 704045df 12966->12971 12973 70404b73 2 API calls 12967->12973 12969->12958 12970->12958 12975 704045b6 12970->12975 12974 70404b73 2 API calls 12971->12974 12972->12956 12976 70404603 12973->12976 12985 704045bc 12974->12985 12978 70404b73 2 API calls 12975->12978 12976->12961 12979 7040460b lstrcmpiW 12976->12979 12977->12958 13114 70401a11 12977->13114 12978->12985 12979->12980 12982 70404617 12979->12982 12980->12956 12980->12961 13084 70401ff4 12980->13084 12986 70404b73 2 API calls 12982->12986 12983 704045c5 13148 70402bb4 12983->13148 12985->12956 12985->12961 12985->12983 12986->12980 12989 7040434e GlobalAlloc 12988->12989 12990 70404434 12989->12990 12991 70404366 12989->12991 12990->12936 12992 7040414a 13 API calls 12991->12992 12994 70404376 12992->12994 12993 70404b73 2 API calls 12993->12994 12994->12993 12995 704043c7 12994->12995 12996 7040437e lstrcmpiW 12994->12996 12998 70404429 GlobalFree 12995->12998 13286 70401c1c 12995->13286 12996->12994 12997 70404393 lstrcmpiW 12996->12997 12997->12994 12999 704043a9 lstrcmpiW 12997->12999 12998->12990 12999->12994 13001 704043c9 12999->13001 
13001->12995 13002 704043cd 13001->13002 13004 70404c09 2 API calls 13002->13004 13003 704043f6 13005 704043fd 13003->13005 13006 7040440e GetLastError 13003->13006 13004->12995 13007 70404401 13005->13007 13008 70404407 13005->13008 13300 70403fc3 13006->13300 13010 70404c09 2 API calls 13007->13010 13008->12998 13010->13008 13012 70404c09 2 API calls 13012->12998 13014 7014184a 13013->13014 13362 70141bff 13014->13362 13016 70141851 13017 70141976 13016->13017 13018 70141862 13016->13018 13019 70141869 13016->13019 13017->12936 13410 7014243e 13018->13410 13396 70142480 13019->13396 13024 701418cd 13028 701418d3 13024->13028 13029 7014191e 13024->13029 13025 701418af 13423 70142655 13025->13423 13026 7014187f 13031 70141885 13026->13031 13037 70141890 13026->13037 13027 70141898 13038 7014188e 13027->13038 13420 70142e23 13027->13420 13439 70141666 13028->13439 13035 70142655 10 API calls 13029->13035 13031->13038 13406 70142b98 13031->13406 13041 7014190f 13035->13041 13036 701418b5 13434 70141654 13036->13434 13414 70142810 13037->13414 13038->13024 13038->13025 13047 70141965 13041->13047 13445 70142618 13041->13445 13043 70141896 13043->13038 13044 70142655 10 API calls 13044->13041 13046 70141312 2 API calls 13048 701418c1 GlobalFree 13046->13048 13047->13017 13049 7014196f GlobalFree 13047->13049 13048->13041 13049->13017 13052 70141951 13052->13047 13449 701415dd wsprintfW 13052->13449 13053 7014194a FreeLibrary 13053->13052 13055->12944 13057 70404165 13056->13057 13058 7040415b 13056->13058 13061 70404b73 2 API calls 13057->13061 13176 70402a6a GlobalAlloc 13058->13176 13060 70404160 13060->13057 13062 70404178 13061->13062 13063 7040417c lstrcmpiW 13062->13063 13076 704041a5 13062->13076 13065 704041ac 13063->13065 13066 7040418d 13063->13066 13064 70402b39 5 API calls 13075 704041d0 13064->13075 13183 70404c09 13065->13183 13067 70404b73 2 API calls 13066->13067 13073 70404192 13067->13073 13070 704041bd 13072 704041d5 13070->13072 13070->13076 13071 
704041f9 13079 70404b73 13071->13079 13072->13071 13072->13075 13073->13076 13177 70402b39 13073->13177 13075->13072 13186 7040154d GlobalAlloc 13075->13186 13076->13064 13076->13070 13078 704041e9 13078->13071 13080 70404b81 13079->13080 13081 70404baf 13079->13081 13080->13081 13082 70404ba0 GlobalFree 13080->13082 13083 70404b8d lstrcpyW 13080->13083 13081->12958 13082->13081 13083->13082 13085 70402005 13084->13085 13108 704020e3 13084->13108 13086 70402095 13085->13086 13087 7040200f 13085->13087 13187 7040240b 13086->13187 13089 7040203f 13087->13089 13093 70402031 13087->13093 13094 7040201d 13087->13094 13091 70402049 13089->13091 13092 7040205c lstrlenA 13089->13092 13209 704015f7 lstrlenW 13091->13209 13217 704021fb MultiByteToWideChar 13092->13217 13093->13089 13095 70402038 13093->13095 13094->13089 13103 70402026 GlobalFree 13094->13103 13098 70401558 3 API calls 13095->13098 13098->13089 13099 704020b2 13104 70402085 13099->13104 13105 704020b7 13099->13105 13100 7040211a 13100->13104 13106 70401558 3 API calls 13100->13106 13101 70402052 13101->13108 13103->13089 13104->13108 13111 70402151 GlobalFree 13104->13111 13105->13108 13109 704020d4 13105->13109 13110 704020cf GlobalFree 13105->13110 13106->13104 13107 704015f7 4 API calls 13112 70402083 13107->13112 13108->12961 13109->13108 13113 704020ea GlobalFree 13109->13113 13110->13109 13111->13108 13112->13104 13113->13108 13115 70401a1e 13114->13115 13116 70401c0f 13115->13116 13258 704013f8 lstrlenW 13115->13258 13116->12977 13118 70401c08 GlobalFree 13118->13116 13119 70401a3a 13119->13116 13119->13118 13120 70401ac9 13119->13120 13121 70401a9c 13119->13121 13125 70401a5b 13119->13125 13120->13118 13120->13125 13127 70401af6 lstrcmpW 13120->13127 13122 70401aad lstrcmpW 13121->13122 13121->13125 13122->13121 13122->13125 13123 70401b22 GlobalAlloc 13124 70401b3c 13123->13124 13126 70401bab 13124->13126 13128 70401b47 GlobalAlloc 13124->13128 13125->13118 13125->13123 13129 70401b96 13126->13129 
13131 70401bc2 lstrlenW GlobalAlloc 13126->13131 13132 70401bea GlobalAlloc 13126->13132 13127->13120 13127->13125 13128->13129 13130 70401b62 lstrlenW GlobalAlloc 13128->13130 13129->13118 13130->13129 13133 70401b89 lstrcpyW 13130->13133 13131->13129 13134 70401be0 lstrcpyW 13131->13134 13132->13129 13133->13129 13134->13129 13136 70402a81 13135->13136 13137 70402ac1 13135->13137 13136->13137 13138 70402aa0 lstrcmpiW 13136->13138 13137->12960 13138->13136 13139 70402ac3 13138->13139 13140 70402ad9 GlobalFree 13139->13140 13141 70402adf GlobalFree GlobalFree 13139->13141 13140->13141 13141->13137 13145 704015f2 13142->13145 13147 70401567 13142->13147 13143 704015b2 GlobalFree 13143->13147 13144 704015df GlobalFree 13144->13147 13145->12972 13146 704015c6 GlobalFree 13146->13144 13147->13143 13147->13144 13147->13145 13147->13146 13262 704040c4 13148->13262 13151 70402bd3 GlobalAlloc 13152 70402be8 13151->13152 13168 70402d15 13151->13168 13270 7040199e 13152->13270 13157 70402c72 13161 7040199e 14 API calls 13157->13161 13158 70402c0a CreateThread 13159 70402c66 GlobalFree 13158->13159 13160 70402c1e GlobalAlloc 13158->13160 13159->13168 13162 70402c39 wsprintfW 13160->13162 13160->13168 13163 70402c7d 13161->13163 13278 70402160 13162->13278 13165 704019d2 2 API calls 13163->13165 13166 70402c83 13165->13166 13166->13168 13169 70402c8e CreateThread 13166->13169 13167 70402c57 GlobalFree 13167->13168 13168->12961 13169->13168 13173 70402ca3 13169->13173 13170 70402ca8 MsgWaitForMultipleObjectsEx 13171 70402d08 CloseHandle 13170->13171 13170->13173 13171->13168 13172 70402cc3 PeekMessageW 13172->13173 13173->13170 13173->13171 13173->13172 13174 70402cf1 PostMessageW 13173->13174 13175 70402cdb TranslateMessage DispatchMessageW 13173->13175 13174->13173 13175->13172 13176->13060 13178 70402b45 13177->13178 13179 70402baa 13177->13179 13180 70402b56 lstrcmpiW 13178->13180 13181 70402b6a 13178->13181 13179->13076 13180->13178 13180->13179 13181->13179 13182 70402b6f 

                                                                                                                      Control-flow Graph (graph not preserved; first block 403640-403690; legend: Executed / Not Executed)
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNEL32(00008001), ref: 00403663
                                                                                                                      • GetVersionExW.KERNEL32(?), ref: 0040368C
                                                                                                                      • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                                                                                                      • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                                                                                                      • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                                                                                                      • OleInitialize.OLE32(00000000), ref: 0040377D
                                                                                                                      • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
                                                                                                                      • GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
                                                                                                                      • CharNextW.USER32(00000000,"C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp" /internal 1719416423291719 /force,00000020,"C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp" /internal 1719416423291719 /force,00000000), ref: 004037E9
                                                                                                                      • GetTempPathW.KERNEL32(00000400,C:\Users\user~1\AppData\Local\Temp\,00000000,?), ref: 0040391C
                                                                                                                      • GetWindowsDirectoryW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,000003FB), ref: 0040392D
                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,\Temp), ref: 00403939
                                                                                                                      • GetTempPathW.KERNEL32(000003FC,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,\Temp), ref: 0040394D
                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,Low), ref: 00403955
                                                                                                                      • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,Low), ref: 00403966
                                                                                                                      • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user~1\AppData\Local\Temp\), ref: 0040396E
                                                                                                                      • DeleteFileW.KERNEL32(1033), ref: 00403982
                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,~nsu), ref: 00403A69
                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,0040A328), ref: 00403A78
                                                                                                                        • Part of subcall function 00405C16: CreateDirectoryW.KERNEL32(?,00000000,00403633,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,.tmp), ref: 00403A83
                                                                                                                      • lstrcmpiW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp,C:\Users\user~1\AppData\Local\Temp\,.tmp,C:\Users\user~1\AppData\Local\Temp\,~nsu,"C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp" /internal 1719416423291719 /force,00000000,?), ref: 00403A8F
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\), ref: 00403AAF
                                                                                                                      • DeleteFileW.KERNEL32(00420F08,00420F08,?,7303796,?), ref: 00403B0E
                                                                                                                      • CopyFileW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp,00420F08,00000001), ref: 00403B21
                                                                                                                      • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
                                                                                                                      • OleUninitialize.OLE32(?), ref: 00403B71
                                                                                                                      • ExitProcess.KERNEL32 ref: 00403B8B
                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                                                                                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
                                                                                                                      • ExitProcess.KERNEL32 ref: 00403C1F
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2608668529.0000000000400000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608750456.0000000000408000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.000000000040A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000427000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.000000000042B000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.000000000042F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000433000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000435000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000454000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000457000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2609104385.000000000045D000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2609104385.000000000045F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                      • String ID: "C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp" /internal 1719416423291719 /force$.tmp$1033$7303796$C:\Users\user~1\AppData\Local\Temp$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp$C:\Users\user\PCAppStore$C:\Users\user\PCAppStore$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                      • API String ID: 3859024572-921117985
                                                                                                                      • Opcode ID: 54eba713b65b488fe05b557adb658f0301d1077f312d6d7219dab3d109336353
                                                                                                                      • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                                                                                                                      • Opcode Fuzzy Hash: 54eba713b65b488fe05b557adb658f0301d1077f312d6d7219dab3d109336353
                                                                                                                      • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 701412BB: GlobalAlloc.KERNEL32(00000040,?,701412DB,?,7014137F,00000019,701411CA,-000000A0), ref: 701412C5
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 70141D2D
                                                                                                                      • lstrcpyW.KERNEL32(00000008,?), ref: 70141D75
                                                                                                                      • lstrcpyW.KERNEL32(00000808,?), ref: 70141D7F
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70141D92
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 70141E74
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 70141E79
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 70141E7E
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70142068
                                                                                                                      • lstrcpyW.KERNEL32(?,?), ref: 70142222
                                                                                                                      • GetModuleHandleW.KERNEL32(00000008), ref: 701422A1
                                                                                                                      • LoadLibraryW.KERNEL32(00000008), ref: 701422B2
                                                                                                                      • GetProcAddress.KERNEL32(?,?), ref: 7014230C
                                                                                                                      • lstrlenW.KERNEL32(00000808), ref: 70142326
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612333924.0000000070141000.00000020.00000001.01000000.0000000F.sdmp, Offset: 70140000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2612298241.0000000070140000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612368114.0000000070144000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612405488.0000000070146000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70140000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 245916457-0
                                                                                                                      • Opcode ID: 19c6b513c5f5ce21414a7a43172c8683558ec7972564a39dd3b92f7e6a688d02
                                                                                                                      • Instruction ID: 21fb95db6c6e3d9589b6fbd520ffca3299e3b58a5378d9bca6225e4a6a30409a
                                                                                                                      • Opcode Fuzzy Hash: 19c6b513c5f5ce21414a7a43172c8683558ec7972564a39dd3b92f7e6a688d02
                                                                                                                      • Instruction Fuzzy Hash: 3F22BC71D00209DECB128FA4C9846EEB7F4FB08315F72656EF166E36A0E7B45A85CB50

                                                                                                                      Control-flow Graph (graph not preserved; first block 405d74-405d9a; legend: Executed / Not Executed)
                                                                                                                      APIs
                                                                                                                      • DeleteFileW.KERNEL32(?,?,771B3420,771B2EE0,00000000), ref: 00405D9D
                                                                                                                      • lstrcatW.KERNEL32(00425750,\*.*), ref: 00405DE5
                                                                                                                      • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                                                                                                      • lstrlenW.KERNEL32(?,?,0040A014,?,00425750,?,?,771B3420,771B2EE0,00000000), ref: 00405E0E
                                                                                                                      • FindFirstFileW.KERNEL32(00425750,?,?,?,0040A014,?,00425750,?,?,771B3420,771B2EE0,00000000), ref: 00405E1E
                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00405ECD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                      • String ID: .$.$PWB$\*.*
                                                                                                                      • API String ID: 2035342205-2468439962
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      APIs
                                                                                                                      • FindFirstFileW.KERNEL32(771B3420,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50,771B3420,?,771B2EE0,00405D94,?,771B3420,771B2EE0), ref: 004069A9
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 004069B5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2295610775-0

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                                        • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                                      • lstrcatW.KERNEL32(1033,00423748), ref: 00403D98
                                                                                                                      • lstrlenW.KERNEL32(get,?,?,?,get,00000000,C:\Users\user\PCAppStore,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,771B3420), ref: 00403E18
                                                                                                                      • lstrcmpiW.KERNEL32(?,.exe,get,?,?,?,get,00000000,C:\Users\user\PCAppStore,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                                                                                                      • GetFileAttributesW.KERNEL32(get,?,00000000,?), ref: 00403E36
                                                                                                                      • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\PCAppStore), ref: 00403E7F
                                                                                                                        • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                                                      • RegisterClassW.USER32(00429200), ref: 00403EBC
                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ED4
                                                                                                                      • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403F09
                                                                                                                      • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                                                                                      • GetClassInfoW.USER32(00000000,RichEdit20W,00429200), ref: 00403F6B
                                                                                                                      • GetClassInfoW.USER32(00000000,RichEdit,00429200), ref: 00403F78
                                                                                                                      • RegisterClassW.USER32(00429200), ref: 00403F81
                                                                                                                      • DialogBoxParamW.USER32(?,00000000,004040C5,00000000), ref: 00403FA0
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                      • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\PCAppStore$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$get
                                                                                                                      • API String ID: 1975747703-970466835

                                                                                                                      APIs
                                                                                                                      • GetTickCount.KERNEL32 ref: 004030E4
                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp,00000400), ref: 00403100
                                                                                                                        • Part of subcall function 00406158: GetFileAttributesW.KERNEL32(00000003,00403113,C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp,80000000,00000003), ref: 0040615C
                                                                                                                        • Part of subcall function 00406158: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user~1\AppData\Local\Temp,C:\Users\user~1\AppData\Local\Temp,C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp,C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp,80000000,00000003), ref: 00403149
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 0040328B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GlobalAlloc.KERNEL32(00000040), ref: 70404481
                                                                                                                      • GlobalAlloc.KERNEL32(00000040), ref: 70404494
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,/index,00000000), ref: 704044DC
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,/value), ref: 704044F1
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,/file), ref: 70404501
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,/http), ref: 70404511
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,/exec), ref: 70404521
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 70404592
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70404599
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,/unicode,00000000), ref: 70404611
                                                                                                                        • Part of subcall function 7040414A: lstrcmpiW.KERNEL32(?,/tree,?,00000000,00000000,00000000,?,70402D8C,00000000,00000000,00000000), ref: 70404182
                                                                                                                        • Part of subcall function 70404B73: lstrcpyW.KERNEL32(00000000,00000004), ref: 70404B94
                                                                                                                        • Part of subcall function 70404B73: GlobalFree.KERNEL32(00000000), ref: 70404BA5
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2614247079.0000000070400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614446696.0000000070405000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614566789.0000000070407000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpi$Global$Free$Alloc$lstrcpy
                                                                                                                      • String ID: /exec$/file$/http$/index$/unicode$/value

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GetSystemDirectoryW.KERNEL32(get,00000400), ref: 004067C0
                                                                                                                      • GetWindowsDirectoryW.KERNEL32(get,00000400,00000000,00422728,?,00405701,00422728,00000000,00000000,00000000,00000000), ref: 004067D3
                                                                                                                      • lstrcatW.KERNEL32(get,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                      • lstrlenW.KERNEL32(get,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                      • String ID: 7303796$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$get

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                      • CompareFileTime.KERNEL32(-00000014,?,get,get,00000000,00000000,get,C:\Users\user\PCAppStore,?,?,00000031), ref: 004017D5
                                                                                                                        • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                        • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                                        • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\nsiEA2C.tmp$C:\Users\user~1\AppData\Local\Temp\nsiEA2C.tmp\inetc.dll$C:\Users\user\PCAppStore$get

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000), ref: 70404356
                                                                                                                        • Part of subcall function 7040414A: lstrcmpiW.KERNEL32(?,/tree,?,00000000,00000000,00000000,?,70402D8C,00000000,00000000,00000000), ref: 70404182
                                                                                                                        • Part of subcall function 70404B73: lstrcpyW.KERNEL32(00000000,00000004), ref: 70404B94
                                                                                                                        • Part of subcall function 70404B73: GlobalFree.KERNEL32(00000000), ref: 70404BA5
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,/file,00000000), ref: 70404384
                                                                                                                      • GetLastError.KERNEL32 ref: 7040440E
                                                                                                                        • Part of subcall function 70404C09: GlobalAlloc.KERNEL32(00000040,?,00000000,?,704041B1,?,?,70402D8C,00000000,00000000,00000000), ref: 70404C25
                                                                                                                        • Part of subcall function 70404C09: lstrcpynW.KERNEL32(00000004,?,?,704041B1,?,?,70402D8C,00000000,00000000,00000000), ref: 70404C3A
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 7040442A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2614247079.0000000070400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614446696.0000000070405000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614566789.0000000070407000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$AllocFreelstrcmpi$ErrorLastlstrcpylstrcpyn
                                                                                                                      • String ID: /file$/format$/unicode$JSON_Serialize
                                                                                                                      • API String ID: 2114172429-2463986589
                                                                                                                      • Opcode ID: 1bac4f1d47556a31cdb8190a7d060c162d1c094ff51eae37506e3d8fa93c4a27
                                                                                                                      • Instruction ID: 8c4e8ebb30f1f79fd2a0d4fdac87f532f20b49c99378c319be5e42d3df9003b9
                                                                                                                      • Opcode Fuzzy Hash: 1bac4f1d47556a31cdb8190a7d060c162d1c094ff51eae37506e3d8fa93c4a27
                                                                                                                      • Instruction Fuzzy Hash: 6D31ABF1701215AFD7019F669D88F9F37BCEF89201F1050B9FD0AF6211E7B899118AA5

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 800 7040240b-70402424 801 70402492-7040249a 800->801 802 70402426-70402444 CreateFileW 800->802 805 704024a4 lstrlenA 801->805 806 7040249c-704024a2 lstrlenW 801->806 803 7040244a-70402459 GetFileSize 802->803 804 7040252d-70402535 802->804 807 70402486-70402490 CloseHandle 803->807 808 7040245b-70402474 GlobalAlloc 803->808 809 704024aa 805->809 806->809 811 704024ad-704024af 807->811 808->807 810 70402476-70402480 ReadFile 808->810 809->811 810->807 811->804 812 704024b1-704024b5 811->812 813 704024d3-704024d9 812->813 814 704024b7-704024d1 call 70401492 call 70401052 812->814 815 704024f2 813->815 816 704024db-704024df 813->816 826 70402520-70402524 814->826 819 704024f4-70402504 call 704021fb 815->819 816->815 818 704024e1-704024e5 816->818 818->815 821 704024e7-704024f0 818->821 819->826 827 70402506-7040251a call 70401052 GlobalFree 819->827 821->819 826->804 829 70402526-70402527 GlobalFree 826->829 827->826 829->804
                                                                                                                      APIs
                                                                                                                      • CreateFileW.KERNEL32(00000002,80000000,00000001,00000000,00000003,00000080,00000000,00000000,00000002,771AF360,00000000,00000002,00000000), ref: 70402439
                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000), ref: 7040244C
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000), ref: 7040246A
                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 70402480
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 70402487
                                                                                                                      • lstrlenW.KERNEL32(00000002,00000000,00000002,771AF360), ref: 7040249C
                                                                                                                      • lstrlenA.KERNEL32(00000002,00000000,00000002,771AF360), ref: 704024A4
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 7040251A
                                                                                                                      • GlobalFree.KERNEL32(00000002), ref: 70402527
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2614247079.0000000070400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614446696.0000000070405000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614566789.0000000070407000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileGlobal$Freelstrlen$AllocCloseCreateHandleReadSize
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 670225477-0
                                                                                                                      • Opcode ID: eb2677ef0c73a2612ab395ad06ac532d39f8b0d226dd6739094e840093d06b47
                                                                                                                      • Instruction ID: 88d424b3b58c674792ce0490ded3d8d680fb5fdb8b999a0bb7aef3d2d290e601
                                                                                                                      • Opcode Fuzzy Hash: eb2677ef0c73a2612ab395ad06ac532d39f8b0d226dd6739094e840093d06b47
                                                                                                                      • Instruction Fuzzy Hash: A531B1B2801245BBDB118B65CE09B9F7BBCEF85320F1081B9FD17B62D0D6389A048B60

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 831 4069c5-4069e5 GetSystemDirectoryW 832 4069e7 831->832 833 4069e9-4069eb 831->833 832->833 834 4069fc-4069fe 833->834 835 4069ed-4069f6 833->835 837 4069ff-406a32 wsprintfW LoadLibraryExW 834->837 835->834 836 4069f8-4069fa 835->836 836->837
                                                                                                                      APIs
                                                                                                                      • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                                      • wsprintfW.USER32 ref: 00406A17
                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A2B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2608668529.0000000000400000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608750456.0000000000408000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.000000000040A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000427000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.000000000042B000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.000000000042F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000433000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000435000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000454000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000457000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2609104385.000000000045D000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2609104385.000000000045F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                      • String ID: %s%S.dll$UXTHEME$\
                                                                                                                      • API String ID: 2200240437-1946221925
                                                                                                                      • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                                                      • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                                                                                                      • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                                                      • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                      • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2608668529.0000000000400000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608750456.0000000000408000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.000000000040A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000427000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.000000000042B000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.000000000042F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000433000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000435000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000454000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000457000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2609104385.000000000045D000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2609104385.000000000045F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2667972263-0
                                                                                                                      • Opcode ID: 3dd095c025195d1a428b75d74b89fb792f772f3b0487a4c6f2200001eeea121b
                                                                                                                      • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                                                                                                      • Opcode Fuzzy Hash: 3dd095c025195d1a428b75d74b89fb792f772f3b0487a4c6f2200001eeea121b
                                                                                                                      • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 874 405b99-405be4 CreateDirectoryW 875 405be6-405be8 874->875 876 405bea-405bf7 GetLastError 874->876 877 405c11-405c13 875->877 876->877 878 405bf9-405c0d SetFileSecurityW 876->878 878->875 879 405c0f GetLastError 878->879 879->877
                                                                                                                      APIs
                                                                                                                      • CreateDirectoryW.KERNEL32(?,?,C:\Users\user~1\AppData\Local\Temp\), ref: 00405BDC
                                                                                                                      • GetLastError.KERNEL32 ref: 00405BF0
                                                                                                                      • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                                                                                      • GetLastError.KERNEL32 ref: 00405C0F
                                                                                                                      Strings
                                                                                                                      • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405BBF
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2608668529.0000000000400000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608750456.0000000000408000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.000000000040A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000427000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.000000000042B000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.000000000042F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000433000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000435000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000454000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000457000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2609104385.000000000045D000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2609104385.000000000045F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\
                                                                                                                      • API String ID: 3449924974-2382934351
                                                                                                                      • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                                                      • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                                                                                                      • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                                                      • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 880 70401c1c-70401c2d 881 70401c53 880->881 882 70401c2f-70401c34 880->882 884 70401c55-70401c58 881->884 882->881 883 70401c36-70401c39 882->883 883->881 885 70401c3b-70401c51 call 70401000 883->885 886 70401ca4-70401cc7 call 70402536 884->886 887 70401c5a-70401c78 CreateFileW 884->887 885->884 892 70401cca-70401ccc 886->892 890 70401c99-70401ca2 GetLastError 887->890 891 70401c7a-70401c88 call 704027ba 887->891 890->892 896 70401c8d-70401c97 CloseHandle 891->896 897 70401cd5-70401cec SetLastError 892->897 898 70401cce-70401ccf GlobalFree 892->898 896->892 898->897
                                                                                                                      APIs
                                                                                                                      • CreateFileW.KERNEL32(00000000,40000000,00000002,00000000,00000002,00000080,00000000,00000000,00000000,00000000,?,?,70403F05,?,00000000,?), ref: 70401C6D
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 70401C91
                                                                                                                      • GetLastError.KERNEL32(?,?,70403F05,?,00000000,?,00000000,00000000,00000000), ref: 70401C99
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70401CCF
                                                                                                                      • SetLastError.KERNEL32(00000000,70403F05,?,00000000,?,00000000,00000000,00000000), ref: 70401CD8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast$CloseCreateFileFreeGlobalHandle
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 653717721-0

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 70141BFF: GlobalFree.KERNEL32(?), ref: 70141E74
                                                                                                                        • Part of subcall function 70141BFF: GlobalFree.KERNEL32(?), ref: 70141E79
                                                                                                                        • Part of subcall function 70141BFF: GlobalFree.KERNEL32(?), ref: 70141E7E
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 701418C5
                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 7014194B
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70141970
                                                                                                                        • Part of subcall function 7014243E: GlobalAlloc.KERNEL32(00000040,?), ref: 7014246F
                                                                                                                        • Part of subcall function 70142810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,70141896,00000000), ref: 701428E0
                                                                                                                        • Part of subcall function 70141666: wsprintfW.USER32 ref: 70141694
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612333924.0000000070141000.00000020.00000001.01000000.0000000F.sdmp, Offset: 70140000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70140000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3962662361-3916222277

                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nsiEA2C.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                      • RegSetValueExW.KERNEL32(?,?,?,?,C:\Users\user~1\AppData\Local\Temp\nsiEA2C.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                      • RegCloseKey.KERNEL32(?,?,?,C:\Users\user~1\AppData\Local\Temp\nsiEA2C.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseValuelstrlen
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\nsiEA2C.tmp
                                                                                                                      • API String ID: 2655323295-466974532
                                                                                                                      APIs
                                                                                                                      • GetTickCount.KERNEL32 ref: 004061A5
                                                                                                                      • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 004061C0
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CountFileNameTempTick
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\$nsa
                                                                                                                      • API String ID: 1716503409-3083371207
                                                                                                                      APIs
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 70402029
                                                                                                                        • Part of subcall function 70401558: GlobalFree.KERNEL32(?), ref: 704015B5
                                                                                                                        • Part of subcall function 70401558: GlobalFree.KERNEL32(?), ref: 704015C9
                                                                                                                        • Part of subcall function 70401558: GlobalFree.KERNEL32(00000000), ref: 704015E0
                                                                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,771AF360,?,70404658), ref: 7040205F
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 704020D2
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 704020F1
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70402152
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeGlobal$lstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3041391548-0
                                                                                                                      APIs
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 70141171
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 701411E3
                                                                                                                      • GlobalFree.KERNEL32 ref: 7014124A
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 7014129B
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 701412B1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612333924.0000000070141000.00000020.00000001.01000000.0000000F.sdmp, Offset: 70140000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70140000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$Free$Alloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1780285237-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,771B3420,?,771B2EE0,00405D94,?,771B3420,771B2EE0,00000000), ref: 00405FF0
                                                                                                                        • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                                        • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                                                      • GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                        • Part of subcall function 00405B99: CreateDirectoryW.KERNEL32(?,?,C:\Users\user~1\AppData\Local\Temp\), ref: 00405BDC
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,C:\Users\user\PCAppStore,?,00000000,000000F0), ref: 0040164D
                                                                                                                      Strings
                                                                                                                      • C:\Users\user\PCAppStore, xrefs: 00401640
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                      • String ID: C:\Users\user\PCAppStore
                                                                                                                      • API String ID: 1892508949-659306738
                                                                                                                      • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                                                      • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                                                                                                      • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                                                      • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                                                                                                      APIs
                                                                                                                      • GetTickCount.KERNEL32 ref: 0040348D
                                                                                                                        • Part of subcall function 004035F8: SetFilePointer.KERNEL32(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                                                                                      • SetFilePointer.KERNEL32(12E6C0B1,00000000,00000000,00414EF0,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FilePointer$CountTick
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1092082344-0
                                                                                                                      • Opcode ID: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                                                      • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                                                                                                      • Opcode Fuzzy Hash: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                                                      • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                                                                                                      APIs
                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 00402103
                                                                                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                        • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                                        • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                      • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 334405425-0
                                                                                                                      • Opcode ID: 52f8d756bd50154f6a3dea7293860066d65bf9effb7e174b318ab9c425843f66
                                                                                                                      • Instruction ID: 1e7e134340f86907485d462c64894228b35b3344cd4f3d252167f9901203d809
                                                                                                                      • Opcode Fuzzy Hash: 52f8d756bd50154f6a3dea7293860066d65bf9effb7e174b318ab9c425843f66
                                                                                                                      • Instruction Fuzzy Hash: C521C231904104FADF11AFA5CF48A9D7A70BF48354F60413BF605B91E0DBBD8A929A5D
                                                                                                                      APIs
                                                                                                                      • GlobalFree.KERNEL32(03827A08), ref: 00401C0B
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000804), ref: 00401C1D
                                                                                                                        • Part of subcall function 004066A5: lstrcatW.KERNEL32(get,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                        • Part of subcall function 004066A5: lstrlenW.KERNEL32(get,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$AllocFreelstrcatlstrlen
                                                                                                                      • String ID: get
                                                                                                                      • API String ID: 3292104215-4248514160
                                                                                                                      • Opcode ID: 4319b31a17754bffce461f57a5489b402a00cd847fb6eeae40cdae925115eaf0
                                                                                                                      • Instruction ID: d74cddccbdd50a14e5bf5e3e63826a63b2a65df0fd836753f00777670cd3b466
                                                                                                                      • Opcode Fuzzy Hash: 4319b31a17754bffce461f57a5489b402a00cd847fb6eeae40cdae925115eaf0
                                                                                                                      • Instruction Fuzzy Hash: 5321D872904210DBDB20EFA4DEC4E5E73A4AB047157150A3BF542F72D0D6BD9C518BAD
                                                                                                                      APIs
                                                                                                                      • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                                                                      • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E4
                                                                                                                      • RegCloseKey.KERNEL32(?,?,?,C:\Users\user~1\AppData\Local\Temp\nsiEA2C.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Enum$CloseValue
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 397863658-0
                                                                                                                      • Opcode ID: a2874957321bf6034ab335a01143add9f6f6121a8284cc98450072ad0413cc1f
                                                                                                                      • Instruction ID: fdd171a53236be04b49e80cc8c25aaf428e2db1c32e81cf7e645575326a8d696
                                                                                                                      • Opcode Fuzzy Hash: a2874957321bf6034ab335a01143add9f6f6121a8284cc98450072ad0413cc1f
                                                                                                                      • Instruction Fuzzy Hash: 35017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61D0EBB85E45966D
                                                                                                                      APIs
                                                                                                                      • WriteFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,7040294A,00000000,7040510C,00000001,00000000,00000000,00000000,00000000,?,70401C8D), ref: 704023A7
                                                                                                                      • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 704023D4
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 704023DB
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2614247079.0000000070400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614446696.0000000070405000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614566789.0000000070407000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileWrite$FreeGlobal
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1622085458-0
                                                                                                                      • Opcode ID: 827d6185d6b5467ca721d860316eaade259687bfde5fb08ea7dbd28a25c9a278
                                                                                                                      • Instruction ID: d480a81f1b412d9cc573db944923e5c2d8e00f7a1b7cad6174b0366537b3faa5
                                                                                                                      • Opcode Fuzzy Hash: 827d6185d6b5467ca721d860316eaade259687bfde5fb08ea7dbd28a25c9a278
                                                                                                                      • Instruction Fuzzy Hash: 65F0ED32041219AFDB019F91EE09BEF3BACEF04361F4040A0BE09A51A0D7799A64DBA1
                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(?,00000000,00000000,00000000,00000000,?,70401C8D,00000000,00000000,00000000,?,?,?,70403F05,?,00000000), ref: 7040287F
                                                                                                                      • lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 704027EC
                                                                                                                        • Part of subcall function 7040238C: WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 704023D4
                                                                                                                        • Part of subcall function 7040238C: GlobalFree.KERNEL32(00000000), ref: 704023DB
                                                                                                                      • lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 70402855
                                                                                                                        • Part of subcall function 7040238C: WriteFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,7040294A,00000000,7040510C,00000001,00000000,00000000,00000000,00000000,?,70401C8D), ref: 704023A7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2614247079.0000000070400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614446696.0000000070405000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614566789.0000000070407000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrlen$FileWrite$FreeGlobal
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3086006887-0
                                                                                                                      • Opcode ID: 1f6b843930288b37827f9091fa407d67a4144963901cc6e9a365fccdde1f0e12
                                                                                                                      • Instruction ID: ff843aa37cd6b067a56038623e75c9262ec42cbf913b6727f58553d5d2ae3eee
                                                                                                                      • Opcode Fuzzy Hash: 1f6b843930288b37827f9091fa407d67a4144963901cc6e9a365fccdde1f0e12
                                                                                                                      • Instruction Fuzzy Hash: 93415B71600211BBEF251A21CD86FBF3A69EF06718F0041B9FD097D1C1D7BDA85096B2
                                                                                                                      APIs
                                                                                                                      • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                      Strings
                                                                                                                      • C:\Users\user\PCAppStore, xrefs: 00402269
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateInstance
                                                                                                                      • String ID: C:\Users\user\PCAppStore
                                                                                                                      • API String ID: 542301482-659306738
                                                                                                                      • Opcode ID: 4e8b9e8d9efc1323b126c51a2f9450484e7b2217165b473e9f4f1a567a0bf10e
                                                                                                                      • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                                                                                                      • Opcode Fuzzy Hash: 4e8b9e8d9efc1323b126c51a2f9450484e7b2217165b473e9f4f1a567a0bf10e
                                                                                                                      • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                                                                                                      APIs
                                                                                                                      • RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,?,?,00422728,?,('B,00406563,('B,00000000,?,?,get,?), ref: 004064F9
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Open
                                                                                                                      • String ID: ('B
                                                                                                                      • API String ID: 71445658-2332581011
                                                                                                                      • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                      • Instruction ID: 5036765eb4ab6e58186d81024f5778724aa2024cd81e2e1d5ca813995cf5404a
                                                                                                                      • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                      • Instruction Fuzzy Hash: BAD0123210020DBBDF115F90AD01FAB375DAB08310F018426FE06A4092D775D534A728
                                                                                                                      APIs
                                                                                                                      • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FilePointer
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 973152223-0
                                                                                                                      • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                                                      • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                                                                                                                      • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                                                      • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                                                                                                                      APIs
                                                                                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                                                      • RegCloseKey.KERNEL32(?,?,?,C:\Users\user~1\AppData\Local\Temp\nsiEA2C.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseQueryValue
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3356406503-0
                                                                                                                      • Opcode ID: 2f519eafec3af35988992028302c1fe2ffbfb85c9afca13b7af9384ace0fec36
                                                                                                                      • Instruction ID: eaee0c709954dca67eb2d1c59e66f6ca2c08a593dad46a4828cc6951ae7b5872
                                                                                                                      • Opcode Fuzzy Hash: 2f519eafec3af35988992028302c1fe2ffbfb85c9afca13b7af9384ace0fec36
                                                                                                                      • Instruction Fuzzy Hash: 5C116D71900219EBDF14DFA4DE589AE7774FF04345B20443BE401B62D0E7B88A45EB5D
                                                                                                                      APIs
                                                                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                      • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3850602802-0
                                                                                                                      • Opcode ID: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                                                      • Instruction ID: af17251ef12b8b272b5eaf8d1bef107274ce64b6e67bb2dd4604cf2723900e86
                                                                                                                      • Opcode Fuzzy Hash: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                                                      • Instruction Fuzzy Hash: 6F012831724220EBEB295B389D05B6A3698E710714F10857FF855F76F1E678CC029B6D
                                                                                                                      APIs
                                                                                                                      • HeapCreate.KERNEL32(00000000,00001000,00000000,701746AC,00000000), ref: 70177AAF
                                                                                                                        • Part of subcall function 70177956: GetVersionExA.KERNEL32 ref: 70177975
                                                                                                                      • HeapDestroy.KERNEL32 ref: 70177AEE
                                                                                                                        • Part of subcall function 701799EF: HeapAlloc.KERNEL32(00000000,00000140,70177AD7,000003F8), ref: 701799FC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612516469.0000000070171000.00000020.00000001.01000000.00000012.sdmp, Offset: 70170000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70170000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Heap$AllocCreateDestroyVersion
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2507506473-0
                                                                                                                      • Opcode ID: d96d45c5fd5c9fd84613a25bc19f22af05632a6ed88c02d1b097648208cf441d
                                                                                                                      • Instruction ID: c1651d5f383653e611ea8bbabe089e291fb3412b0c53176189da42d95edb748f
                                                                                                                      • Opcode Fuzzy Hash: d96d45c5fd5c9fd84613a25bc19f22af05632a6ed88c02d1b097648208cf441d
                                                                                                                      • Instruction Fuzzy Hash: 0BF065725042029EFB01C7714D46B1E36A5AB44655F74E466F502C99E4EAA0DAC09711
                                                                                                                      APIs
                                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426750,00000000,00000000), ref: 00405C74
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00405C81
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseCreateHandleProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3712363035-0
                                                                                                                      • Opcode ID: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                                                      • Instruction ID: 91309136e62a13352d93043ad9bb7922807806bb2ea2f765c8e9c4a894a003d9
                                                                                                                      • Opcode Fuzzy Hash: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                                                      • Instruction Fuzzy Hash: 59E0B6B4600209BFFB109B64EE09F7B7BADFB04648F414565BD51F2190D778A8158A78
                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                                        • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                                        • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                                                                                        • Part of subcall function 004069C5: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A2B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2547128583-0
                                                                                                                      • Opcode ID: a89557e88259ac32882439a66efe2bded2b7fe37332f597cb2162f61758b0433
                                                                                                                      • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                                                                                                      • Opcode Fuzzy Hash: a89557e88259ac32882439a66efe2bded2b7fe37332f597cb2162f61758b0433
                                                                                                                      • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                                                                                                      APIs
                                                                                                                      • GetFileAttributesW.KERNEL32(00000003,00403113,C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp,80000000,00000003), ref: 0040615C
                                                                                                                      • CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$AttributesCreate
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 415043291-0
                                                                                                                      • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                                                      • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                                                                                                                      • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                                                      • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                                                                                                                      APIs
                                                                                                                      • GetFileAttributesW.KERNEL32(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 0040614C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AttributesFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3188754299-0
                                                                                                                      • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                      • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                                                                                                                      • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                      • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                                                                                                                      APIs
                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000,00403633,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                                                      • GetLastError.KERNEL32 ref: 00405C2A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1375471231-0
                                                                                                                      • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                                                      • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                                                                                                                      • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                                                      • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                                                                                                                      APIs
                                                                                                                      • RegCreateKeyExW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 0040652C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Create
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2289755597-0
                                                                                                                      • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                      • Instruction ID: 390987c888b9fe28ccc3a202ccefe0e129b8fdbaba7b34d45eb5723cdb444700
                                                                                                                      • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                      • Instruction Fuzzy Hash: C1E0ECB2010109BEEF099F90EC0ADBB372DEB04704F41492EF907E4091E6B5AE70AA34
                                                                                                                      APIs
                                                                                                                      • WriteFile.KERNEL32(?,00000000,00000000,00000000,00000000,00411A9C,0040CEF0,00403579,0040CEF0,00411A9C,00414EF0,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileWrite
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3934441357-0
                                                                                                                      • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                      • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                                                                                                      • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                      • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                                                                                                      APIs
                                                                                                                      • ReadFile.KERNEL32(?,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,004035F5,?,?,004034F9,00414EF0,00004000,?,00000000,004033A3), ref: 004061EF
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileRead
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2738559852-0
                                                                                                                      • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                      • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                                                                                                      • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                      • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                                                                                                      APIs
                                                                                                                      • VirtualProtect.KERNEL32(7014505C,00000004,00000040,7014504C), ref: 70142A9D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612333924.0000000070141000.00000020.00000001.01000000.0000000F.sdmp, Offset: 70140000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70140000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ProtectVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 544645111-0
                                                                                                                      • Opcode ID: 3ce031b4c506b67f5dc998f1a24a55ecb7f4b4a95de88548cec81246f7500f72
                                                                                                                      • Instruction ID: ae4596901aacfa03b861ab8154ec4e4827322564a23871dd9c7ac695ccd89ee7
                                                                                                                      • Opcode Fuzzy Hash: 3ce031b4c506b67f5dc998f1a24a55ecb7f4b4a95de88548cec81246f7500f72
                                                                                                                      • Instruction Fuzzy Hash: E4F092BA500284DEC360CF2A8C647093FE0B70B308B74466AF988D7A72E3744444CBA1
                                                                                                                      APIs
                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FilePointer
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 973152223-0
                                                                                                                      • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                      • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                      • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                      • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                        • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                                        • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                        • Part of subcall function 00405C4B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426750,00000000,00000000), ref: 00405C74
                                                                                                                        • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                        • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                                                                                        • Part of subcall function 00406AE0: GetExitCodeProcess.KERNEL32(?,?), ref: 00406B13
                                                                                                                        • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2972824698-0
                                                                                                                      APIs
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,701412DB,?,7014137F,00000019,701411CA,-000000A0), ref: 701412C5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612333924.0000000070141000.00000020.00000001.01000000.0000000F.sdmp, Offset: 70140000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2612298241.0000000070140000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612368114.0000000070144000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612405488.0000000070146000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70140000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocGlobal
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3761449716-0
                                                                                                                      APIs
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,PreConfig,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x,?,?), ref: 704033B5
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,Proxy,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x,?,?), ref: 704033C5
                                                                                                                      • InternetOpenW.WININET(?,00000001,00000000,00000000,00000000), ref: 70403421
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,0000003C,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x,?,?), ref: 70403436
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,70405110,Raw,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 70403487
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x,?,?), ref: 704034D7
                                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x), ref: 704034FD
                                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x), ref: 7040351F
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x), ref: 70403531
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x), ref: 7040354A
                                                                                                                      • InternetCrackUrlW.WININET(?,00000000,00000000,00000000), ref: 70403561
                                                                                                                      • InternetConnectW.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 70403582
                                                                                                                      • lstrcpyW.KERNEL32(?,704052F8), ref: 704035D4
                                                                                                                      • lstrcpyW.KERNEL32(?,?), ref: 704035E8
                                                                                                                      • lstrlenW.KERNEL32(00000000,?,?,00000000,?,GET), ref: 7040361D
                                                                                                                      • InternetSetOptionW.WININET(?,0000002B,?,00000000), ref: 7040362C
                                                                                                                      • lstrlenW.KERNEL32(00000000,?,?,00000000,?,?,00000000,?,GET), ref: 70403653
                                                                                                                      • InternetSetOptionW.WININET(?,0000002C,?,00000000), ref: 70403662
                                                                                                                      • InternetSetOptionW.WININET(?,00000041,?,00000004), ref: 7040368D
                                                                                                                      • lstrlenW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,GET), ref: 704036B1
                                                                                                                      • InternetSetOptionW.WININET(?,0000001C,?,00000000), ref: 704036C0
                                                                                                                      • lstrlenW.KERNEL32(00000000,?,?,00000000,?,00000000,?,?,?,?,?,?,GET), ref: 704036E4
                                                                                                                      • InternetSetOptionW.WININET(?,0000001D,?,00000000), ref: 704036F3
                                                                                                                      • InternetSetOptionW.WININET(?,00000002,?,00000004), ref: 70403727
                                                                                                                      • InternetSetOptionW.WININET(?,00000005,?,00000004), ref: 7040375B
                                                                                                                      • InternetSetOptionW.WININET(?,00000006,?,00000004), ref: 7040378F
                                                                                                                      • HttpOpenRequestW.WININET(?,?,?,00000000,00000000,70406024,84480200,00000000), ref: 704037B6
                                                                                                                      • HttpAddRequestHeadersW.WININET(00000000,?,000000FF,00000000), ref: 7040382E
                                                                                                                      • HttpAddRequestHeadersW.WININET(00000000,Accept-Encoding: gzip,deflate,000000FF,20000000), ref: 70403847
                                                                                                                      • lstrcmpiW.KERNEL32(?,POST,?,?,?,?,?,?,?,?,00000000), ref: 70403855
                                                                                                                      • HttpAddRequestHeadersW.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 70403879
                                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 704038A2
                                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 704038AD
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,?,00000000), ref: 704038C5
                                                                                                                      • lstrcpyW.KERNEL32(00000000,?), ref: 704038D5
                                                                                                                      • lstrcatW.KERNEL32(00000000,704051A0), ref: 704038E1
                                                                                                                      • lstrcatW.KERNEL32(00000000,?), ref: 704038EB
                                                                                                                      • lstrcatW.KERNEL32(00000000,704050F8), ref: 704038F7
                                                                                                                      • HttpAddRequestHeadersW.WININET(?,00000000,?,A0000000), ref: 70403907
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 7040390E
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 7040396C
                                                                                                                      • lstrcmpiW.KERNEL32(?,Unicode,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 7040399B
                                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 704039A8
                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,?,00000000), ref: 704039B9
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 704039C6
                                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 704039E2
                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,?), ref: 70403A0D
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 70403A1A
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 70403A34
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 70403A3D
                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 70403A4A
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 70403A57
                                                                                                                      • InternetQueryDataAvailable.WININET(00000000,?,00000000,00000000), ref: 70403A81
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000), ref: 70403A96
                                                                                                                      • InternetReadFile.WININET(00000000,00000000,?,?), ref: 70403AB5
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 70403B14
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 70403B2F
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 70403B37
                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000013,00000000,?,00000000), ref: 70403B5C
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 70403B66
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 70403B7E
                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000013,00000000,?,00000000), ref: 70403B95
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70403BB6
                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 70403BBD
                                                                                                                      • GetLastError.KERNEL32(?,?,00000000,?,?,00000000,?,?,00000000,?,?,00000000,?,00000000), ref: 70403BC5
                                                                                                                      • InternetCloseHandle.WININET(?), ref: 70403BDF
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x,?,?), ref: 70403BE7
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x,?,?), ref: 70403BF5
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 70403C0F
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 70403C18
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 70403C32
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70403C39
                                                                                                                      • InternetCloseHandle.WININET(?), ref: 70403C42
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x,?,?), ref: 70403C4A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2614247079.0000000070400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614446696.0000000070405000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614566789.0000000070407000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Internet$Global$ErrorLast$Httplstrlen$Free$OptionRequest$Alloc$lstrcmpi$Headers$CloseHandleQuerySendlstrcatlstrcpy$InfoOpen$AvailableConnectCrackDataFileRead
                                                                                                                      • String ID: Accept-Encoding: gzip,deflate$AccessType$Agent$Bypass$ConnectTimeout$Content-Type: application/json$Content-Type: application/x-www-form-urlencoded$Data$DataEncoding$Decoding$GET$Headers$HttpOpenRequest$HttpSendRequest$InternetConnect$InternetCrackUrl$InternetOpen$InternetQueryDataAvailable$InternetReadFile$JSON_SerializeAlloc$Output$POST$Params$ParamsType$Password$PreConfig$Proxy$Raw$RawOutput$ReceiveTimeout$SendTimeout$Server$StatusCode$Unicode$UnicodeOutput$Url$Username$Verb$nsJSON NSIS plug-in/1.0.x.x
                                                                                                                      • API String ID: 1670357981-3940592491
                                                                                                                      APIs
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 70402ECB
                                                                                                                      • CreatePipe.KERNEL32(?,?,0000000C,00000000,?,?,00000000), ref: 70402EFE
                                                                                                                      • SetHandleInformation.KERNEL32(?,00000001,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 70402F15
                                                                                                                      • CreatePipe.KERNEL32(?,?,0000000C,00000000,?,?,00000000), ref: 70402F2D
                                                                                                                      • SetHandleInformation.KERNEL32(?,00000001,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 70402F3E
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000010,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 70402F4C
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000044,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 70402F5F
                                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,?,00000000), ref: 70402FC8
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,00000000), ref: 70402FE2
                                                                                                                      • lstrcpyW.KERNEL32(00000000,?), ref: 7040300F
                                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,?,00000000), ref: 70403014
                                                                                                                      • lstrcpyW.KERNEL32(00000000,704050EC), ref: 70403028
                                                                                                                      • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000001,08000000,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 70403095
                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 704030C4
                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 70403132
                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 70403140
                                                                                                                      • ReadFile.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 70403160
                                                                                                                      • GlobalReAlloc.KERNEL32(00000000,00000002,00000042), ref: 7040317E
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 7040318C
                                                                                                                      • ReadFile.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 704031CD
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 704031D5
                                                                                                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 70403246
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000016,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 70403254
                                                                                                                      • wsprintfW.USER32 ref: 70403269
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70403285
                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 7040328D
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 704032A7
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 704032B1
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 704032B8
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 704032CA
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 704032D9
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 704032E8
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 704032F7
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 704032FE
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2614247079.0000000070400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614446696.0000000070405000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614566789.0000000070407000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$Handle$Close$Alloc$Free$Create$FileInformationPipeProcessReadlstrcpylstrlen$CodeErrorExitLastwsprintf
                                                                                                                      • String ID: %lu$Arguments$DoCreateProcess$ExitCode$Input$Output$Path$RawOutput$UnicodeInput$UnicodeOutput$WorkingDir
                                                                                                                      • API String ID: 2805452489-696223222
                                                                                                                      APIs
                                                                                                                      • GetDlgItem.USER32(?,00000403), ref: 00405867
                                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 00405876
                                                                                                                      • GetClientRect.USER32(?,?), ref: 004058B3
                                                                                                                      • GetSystemMetrics.USER32(00000002), ref: 004058BA
                                                                                                                      • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                                                                                      • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                                                                                      • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                                                                                      • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                                                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                                                                                      • ShowWindow.USER32(?,00000008), ref: 00405956
                                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405977
                                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                                                                                      • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                                                                                      • GetDlgItem.USER32(?,000003F8), ref: 00405885
                                                                                                                        • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 004059C9
                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_0000579D,00000000), ref: 004059D7
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 004059DE
                                                                                                                      • ShowWindow.USER32(00000000), ref: 00405A02
                                                                                                                      • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                                                                                      • ShowWindow.USER32(00000008), ref: 00405A51
                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                                                                                      • CreatePopupMenu.USER32 ref: 00405A96
                                                                                                                      • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405AAA
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00405ACA
                                                                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                                                                                      • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                                                                                      • EmptyClipboard.USER32 ref: 00405B31
                                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00405B47
                                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                                                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 00405B86
                                                                                                                      • CloseClipboard.USER32 ref: 00405B8C
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                      • String ID: H7B${
                                                                                                                      • API String ID: 590372296-2256286769
                                                                                                                      APIs
                                                                                                                      • GetDlgItem.USER32(?,000003F9), ref: 00405049
                                                                                                                      • GetDlgItem.USER32(?,00000408), ref: 00405054
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                                                                                                      • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 004050B5
                                                                                                                      • SetWindowLongW.USER32(?,000000FC,0040563E), ref: 004050CE
                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                                                                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                                                                                                      • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                                                                                                      • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                                                                                                      • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                                                                                                      • DeleteObject.GDI32(00000000), ref: 0040512B
                                                                                                                      • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                                                                                      • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                                                                                      • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                                                                                        • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0040527D
                                                                                                                      • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                                                                                      • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                                                                                      • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                                                                                      • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                                                                                      • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                                                                                      • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 0040546B
                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                                                                                      • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                                                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 00405615
                                                                                                                      • GetDlgItem.USER32(?,000003FE), ref: 00405620
                                                                                                                      • ShowWindow.USER32(00000000), ref: 00405627
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                      • String ID: $M$N
                                                                                                                      • API String ID: 2564846305-813528018
                                                                                                                      APIs
                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                                                                                      • ShowWindow.USER32(?), ref: 00404121
                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                                                                                      • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                                                                                      • DestroyWindow.USER32 ref: 00404160
                                                                                                                      • SetWindowLongW.USER32(?,00000000,00000000), ref: 00404179
                                                                                                                      • GetDlgItem.USER32(?,?), ref: 00404198
                                                                                                                      • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                                                                                      • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                                                                                      • GetDlgItem.USER32(?,00000001), ref: 0040425E
                                                                                                                      • GetDlgItem.USER32(?,00000002), ref: 00404268
                                                                                                                      • SetClassLongW.USER32(?,000000F2,?), ref: 00404282
                                                                                                                      • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                                                                                      • GetDlgItem.USER32(?,00000003), ref: 00404379
                                                                                                                      • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                                                                                      • EnableWindow.USER32(?,?), ref: 004043AC
                                                                                                                      • EnableWindow.USER32(?,?), ref: 004043C7
                                                                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                                                                                      • EnableMenuItem.USER32(00000000), ref: 004043E4
                                                                                                                      • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                                                                                      • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                                                                                      • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                                                                                                      • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                                                                                                      • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Item$MessageSendShow$EnableLong$Menu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                      • String ID: H7B
                                                                                                                      • API String ID: 1860320154-2300413410
                                                                                                                      • Opcode ID: 2f4dad2f818047668635e16f952da299a81014d83ff1599baf972819d0fbfd0c
                                                                                                                      • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                                                                                                      • Opcode Fuzzy Hash: 2f4dad2f818047668635e16f952da299a81014d83ff1599baf972819d0fbfd0c
                                                                                                                      • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                                                                                                      APIs
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000), ref: 70403CC1
                                                                                                                        • Part of subcall function 7040414A: lstrcmpiW.KERNEL32(?,/tree,?,00000000,00000000,00000000,?,70402D8C,00000000,00000000,00000000), ref: 70404182
                                                                                                                        • Part of subcall function 70404B73: lstrcpyW.KERNEL32(00000000,00000004), ref: 70404B94
                                                                                                                        • Part of subcall function 70404B73: GlobalFree.KERNEL32(00000000), ref: 70404BA5
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,/noexpand,00000000), ref: 70403CF0
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70403F55
                                                                                                                        • Part of subcall function 70404C09: GlobalAlloc.KERNEL32(00000040,?,00000000,?,704041B1,?,?,70402D8C,00000000,00000000,00000000), ref: 70404C25
                                                                                                                        • Part of subcall function 70404C09: lstrcpynW.KERNEL32(00000004,?,?,704041B1,?,?,70402D8C,00000000,00000000,00000000), ref: 70404C3A
                                                                                                                      • wsprintfW.USER32 ref: 70403E18
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2614247079.0000000070400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614446696.0000000070405000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614566789.0000000070407000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$AllocFreelstrcmpi$lstrcpylstrcpynwsprintf
                                                                                                                      • String ID: /count$/end$/exists$/index$/isempty$/key$/keys$/noexpand$/type$JSON_Serialize$array$node$string$value$yes
                                                                                                                      • API String ID: 760165124-199274824
                                                                                                                      • Opcode ID: 9d7ad74dba4b11d5023e3ced72c2979f60a327819cfd0f5aa6c31cb4597798ea
                                                                                                                      • Instruction ID: 67169eeb6b84c0e20af52d73341301cefa2be048d57f907d3f6e8873113c3a51
                                                                                                                      • Opcode Fuzzy Hash: 9d7ad74dba4b11d5023e3ced72c2979f60a327819cfd0f5aa6c31cb4597798ea
                                                                                                                      • Instruction Fuzzy Hash: 39718171A05106EAD7029F258E84F5F3F7DEF01646F2002F9FD06F6210E72DD951A6A6
                                                                                                                      APIs
                                                                                                                      • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404821
                                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404835
                                                                                                                      • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                                                                                                      • GetSysColor.USER32(?), ref: 00404863
                                                                                                                      • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                                                                                      • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                                                                                      • lstrlenW.KERNEL32(?), ref: 00404884
                                                                                                                      • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                                                                                      • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                                                                                      • GetDlgItem.USER32(?,0000040A), ref: 004048FF
                                                                                                                      • SendMessageW.USER32(00000000), ref: 00404906
                                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404931
                                                                                                                      • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                                                                                      • SetCursor.USER32(00000000), ref: 00404985
                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                                                                                      • SetCursor.USER32(00000000), ref: 004049A1
                                                                                                                      • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                      • String ID: N$get
                                                                                                                      • API String ID: 3103080414-214687294
                                                                                                                      • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                                                      • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                                                                                                      • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                                                      • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                                                                                                      APIs
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000008,00000000,00000000,771AF360,?,?,?,704045D3,70403C68,?,00000000,00000000), ref: 70402BD8
                                                                                                                        • Part of subcall function 704019D2: lstrcmpW.KERNEL32(00000000,704050D0,00000000,h<@p,70402C02,00000000,00000000,Async,00000000,?,?,?,704045D3,70403C68,?,00000000), ref: 704019EB
                                                                                                                        • Part of subcall function 704019D2: lstrcmpiW.KERNEL32(00000000,false,?,?,?,704045D3,70403C68,?,00000000,00000000), ref: 704019FD
                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 70402C11
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,704045D3,70403C68,?,00000000,00000000), ref: 70402C29
                                                                                                                      • wsprintfW.USER32 ref: 70402C42
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70402C5B
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70402C67
                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 70402C96
                                                                                                                      • MsgWaitForMultipleObjectsEx.USER32(00000001,?,000000FF,00001DFF,00000000), ref: 70402CB5
                                                                                                                      • PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000001), ref: 70402CCB
                                                                                                                      • TranslateMessage.USER32(00000000), ref: 70402CDF
                                                                                                                      • DispatchMessageW.USER32(00000000), ref: 70402CE9
                                                                                                                      • PostMessageW.USER32(00000000,00000012,?,?), ref: 70402CFC
                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,704045D3,70403C68,?,00000000), ref: 70402D0B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2614247079.0000000070400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614446696.0000000070405000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614566789.0000000070407000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: GlobalMessage$AllocCreateFreeThread$CloseDispatchHandleMultipleObjectsPeekPostTranslateWaitlstrcmplstrcmpiwsprintf
                                                                                                                      • String ID: Async$Handle$UIAsync$h<@p
                                                                                                                      • API String ID: 783503903-2945749478
                                                                                                                      • Opcode ID: 9af30ddc430e35140af5ebbbc992be44d8fff077fac6d6102f7de8593bcd5ae0
                                                                                                                      • Instruction ID: 8b06025986568c635b9604a754c75fef2b0dda745b3ff7f9bbbf1c227e7b2c38
                                                                                                                      • Opcode Fuzzy Hash: 9af30ddc430e35140af5ebbbc992be44d8fff077fac6d6102f7de8593bcd5ae0
                                                                                                                      • Instruction Fuzzy Hash: 4E41A172501215FBDB115BA6CE4DEAF7E3CEF85351B2001B8F90AB2291EB398D01D6A0
                                                                                                                      APIs
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000020,00000000,00000000,?,?,?,70403C5E,?,InternetOpen,00000000), ref: 70404670
                                                                                                                      • wsprintfW.USER32 ref: 70404685
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 704046A3
                                                                                                                      • GetModuleHandleA.KERNEL32(wininet.dll,^<@p,00000400,00000000,00000000,00000000,?,?,70403C5E,?,InternetOpen,00000000), ref: 704046C7
                                                                                                                      • FormatMessageW.KERNEL32(00001300,00000000,^<@p,00000400,00000000,00000000,00000000,?,?,70403C5E,?,InternetOpen,00000000), ref: 704046DB
                                                                                                                      • lstrlenW.KERNEL32(?,?,?,70403C5E,?,InternetOpen,00000000,?,?,?,?,?,?,?,?,00000000), ref: 704046EE
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,?,?,70403C5E,?,InternetOpen,00000000), ref: 70404704
                                                                                                                      • lstrcpyW.KERNEL32(00000000,?), ref: 7040471A
                                                                                                                      • lstrcpyW.KERNEL32(^<@p,704051A0), ref: 70404728
                                                                                                                      • lstrcpyW.KERNEL32(^<@p,00000000), ref: 70404775
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 7040478D
                                                                                                                      • LocalFree.KERNEL32(00000000,?,InternetOpen), ref: 7040479F
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2614247079.0000000070400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614446696.0000000070405000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614566789.0000000070407000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$Freelstrcpy$Alloc$FormatHandleLocalMessageModulelstrlenwsprintf
                                                                                                                      • String ID: %lu$ErrorCode$ErrorMessage$^<@p$wininet.dll
                                                                                                                      • API String ID: 3175574836-1158770101
                                                                                                                      • Opcode ID: 06dee19ec973e81f33d5c34095a38ee730abc59fa24a0e6cb7873860288f8570
                                                                                                                      • Instruction ID: 2c39c8c13f508054b24e44fd118ae6005cc7a4223e43675cea9cee92bc8ee9af
                                                                                                                      • Opcode Fuzzy Hash: 06dee19ec973e81f33d5c34095a38ee730abc59fa24a0e6cb7873860288f8570
                                                                                                                      • Instruction Fuzzy Hash: 5731B3B6900208BFDB129BA5CD88F6F777CEB85344F6004B9F906FB160D7B99D108A90
                                                                                                                      APIs
                                                                                                                      • GetDlgItem.USER32(?,000003FB), ref: 00404B04
                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                                                                                      • lstrcmpiW.KERNEL32(get,00423748,00000000,?,?), ref: 00404C1C
                                                                                                                      • lstrcatW.KERNEL32(?,get), ref: 00404C28
                                                                                                                      • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404C3A
                                                                                                                        • Part of subcall function 00405CAC: GetDlgItemTextW.USER32(?,?,00000400,00404C71), ref: 00405CBF
                                                                                                                        • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,771B3420,C:\Users\user~1\AppData\Local\Temp\,?,0040361B,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                                                        • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                                                        • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,771B3420,C:\Users\user~1\AppData\Local\Temp\,?,0040361B,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                                                        • Part of subcall function 004068EF: CharPrevW.USER32(?,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,?,0040361B,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                                                      • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                                                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                                                                                        • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                                                        • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                                                                                        • Part of subcall function 00404E71: SetDlgItemTextW.USER32(?,00423748), ref: 00404F2E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                      • String ID: 7303796$A$C:\Users\user\PCAppStore$H7B$get
                                                                                                                      • API String ID: 2624150263-2825739071
                                                                                                                      • Opcode ID: 667bbe0a30595837a03e9c6ce466c2f6c83f7bc5ead90454ae6c6de6e9a81711
                                                                                                                      • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                                                                                                      • Opcode Fuzzy Hash: 667bbe0a30595837a03e9c6ce466c2f6c83f7bc5ead90454ae6c6de6e9a81711
                                                                                                                      • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                                                                                                      APIs
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                                                                                      • GetShortPathNameW.KERNEL32(?,00426DE8,00000400), ref: 004062F2
                                                                                                                        • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                                                        • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                                                      • GetShortPathNameW.KERNEL32(?,004275E8,00000400), ref: 0040630F
                                                                                                                      • wsprintfA.USER32 ref: 0040632D
                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                                                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                                                                                      • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00406416
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                                                                                        • Part of subcall function 00406158: GetFileAttributesW.KERNEL32(00000003,00403113,C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp,80000000,00000003), ref: 0040615C
                                                                                                                        • Part of subcall function 00406158: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                      • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                                                                                                      • API String ID: 2171350718-2295842750
                                                                                                                      • Opcode ID: 07ea5d3dd502240bf86d0c298f94c43ad2335bec49c481c59c36197298e6ebad
                                                                                                                      • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                                                                                                      • Opcode Fuzzy Hash: 07ea5d3dd502240bf86d0c298f94c43ad2335bec49c481c59c36197298e6ebad
                                                                                                                      • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                                                                                                      APIs
                                                                                                                      • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                      • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                      • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                      • String ID: F
                                                                                                                      • API String ID: 941294808-1304234792
                                                                                                                      • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                                                      • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                                                                                                      • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                                                      • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                                                                                                      APIs
                                                                                                                      • lstrcmpW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,70402DE0,00000000), ref: 70401AB1
                                                                                                                      • lstrcmpW.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,70402DE0), ref: 70401AFA
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000010,?,?,70402DE0), ref: 70401B26
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000010,?,?,70402DE0), ref: 70401B4B
                                                                                                                      • lstrlenW.KERNEL32(00000000,?,?,70402DE0), ref: 70401B63
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,?,?,70402DE0), ref: 70401B73
                                                                                                                      • lstrcpyW.KERNEL32(?,00000000), ref: 70401B8D
                                                                                                                      • lstrlenW.KERNEL32(00000000,?,?,70402DE0), ref: 70401BC3
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,?,?,70402DE0), ref: 70401BD3
                                                                                                                      • lstrcpyW.KERNEL32(00000000,00000000), ref: 70401BE2
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000002,?,?,70402DE0), ref: 70401BEE
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70401C09
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$Alloc$lstrcmplstrcpylstrlen$Free
                                                                                                                      • String ID: -@p
                                                                                                                      • API String ID: 2483198964-3149327100
                                                                                                                      • Opcode ID: 970eb3fe9175acc02f1ac1ec50dfd97d340f6473300ad381428e03c3ffc48e4e
                                                                                                                      • Instruction ID: 26ff9a062c8f7441712ba8bc979e7e5a6e76fde2f906669f973bf9a026fc7419
                                                                                                                      • Opcode Fuzzy Hash: 970eb3fe9175acc02f1ac1ec50dfd97d340f6473300ad381428e03c3ffc48e4e
                                                                                                                      • Instruction Fuzzy Hash: C2711171A00216DFDB228F25C944B1E7BB9EF45751F5184B9E84AAB360F778EC80CB90
                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(wininet.dll,"?@p,00000400,"?@p,00000000,00000000,00000000,00000000,?,?,?,70403F22,00000000,JSON_Serialize,00000000), ref: 70403FED
                                                                                                                      • FormatMessageW.KERNEL32(00001300,00000000,"?@p,00000400,"?@p,00000000,00000000,00000000,00000000,?,?,?,70403F22,00000000,JSON_Serialize,00000000), ref: 7040400F
                                                                                                                      • lstrlenW.KERNEL32(00000000,00000000,?,?,?,70403F22,00000000,JSON_Serialize,00000000), ref: 70404023
                                                                                                                      • lstrcpyW.KERNEL32(?,00000000), ref: 70404033
                                                                                                                      • lstrcpyW.KERNEL32(00000000,704051A0), ref: 70404048
                                                                                                                      • lstrcpyW.KERNEL32(?,"?@p), ref: 7040408D
                                                                                                                      • wsprintfW.USER32 ref: 704040A5
                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 704040BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcpy$FormatFreeHandleLocalMessageModulelstrlenwsprintf
                                                                                                                      • String ID: (%lu)$"?@p$wininet.dll
                                                                                                                      • API String ID: 2657572252-1565780427
                                                                                                                      • Opcode ID: 65ab7567494aac599a289fd20d83fcc62b618980f3441cfdc3bd386767d861f7
                                                                                                                      • Instruction ID: 8c9b4e576a66edef3e22b407ae9f0c71836f25d589a1d39e80680fbb86aa055c
                                                                                                                      • Opcode Fuzzy Hash: 65ab7567494aac599a289fd20d83fcc62b618980f3441cfdc3bd386767d861f7
                                                                                                                      • Instruction Fuzzy Hash: 17318EB6900204ABDB118F65CD88F6F3B7CEB84354F6006B5FA02F6210D778AD50CBA1
                                                                                                                      APIs
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00001000,00000000), ref: 70401D07
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00001000,00000000,?), ref: 70401D65
                                                                                                                      • lstrlenW.KERNEL32(?,00000001,00000000), ref: 70401D96
                                                                                                                      • lstrcmpiW.KERNEL32(00000004,true), ref: 70401DC1
                                                                                                                      • lstrlenW.KERNEL32(00000004,00000001,00000000), ref: 70401E1D
                                                                                                                      • lstrlenW.KERNEL32(?,00000001,00000000), ref: 70401EB9
                                                                                                                      • lstrlenW.KERNEL32(?,00000001,00000000), ref: 70401F19
                                                                                                                      • GlobalFree.KERNEL32(00000004), ref: 70401FA7
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70401FDB
                                                                                                                        • Part of subcall function 70402536: lstrlenW.KERNEL32(00000000,70403F05,?,70403F05,?,00000000,?,00000000,00000000,00000000), ref: 70402578
                                                                                                                        • Part of subcall function 70402536: lstrlenW.KERNEL32(?,70403F05,?,70403F05,?,00000000,?,00000000,00000000,00000000), ref: 70402607
                                                                                                                      • SetLastError.KERNEL32(00000000), ref: 70401FE6
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrlen$Global$AllocFree$ErrorLastlstrcmpi
                                                                                                                      • String ID: []=$true
                                                                                                                      • API String ID: 462359672-2138158760
                                                                                                                      • Opcode ID: b83aae7094f863f785aede0a15181126f788ca0c7d69e702b115770cdd548a60
                                                                                                                      • Instruction ID: 7261cfdab99785e46801df65a60de23b87aa8e52b53638ad62dec3d7ecbc8a21
                                                                                                                      • Opcode Fuzzy Hash: b83aae7094f863f785aede0a15181126f788ca0c7d69e702b115770cdd548a60
                                                                                                                      • Instruction Fuzzy Hash: 56A1BDB2D00109BFDB11DFD0CD85EEFB7BDAB04700F5045AABA16F6150E779AA448BA0
                                                                                                                      APIs
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000), ref: 704048D5
                                                                                                                        • Part of subcall function 70404B73: lstrcpyW.KERNEL32(00000000,00000004), ref: 70404B94
                                                                                                                        • Part of subcall function 70404B73: GlobalFree.KERNEL32(00000000), ref: 70404BA5
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 704049D1
                                                                                                                        • Part of subcall function 70401A11: GlobalAlloc.KERNEL32(00000040,00000010,?,?,70402DE0), ref: 70401B26
                                                                                                                        • Part of subcall function 70401A11: GlobalAlloc.KERNEL32(00000040,00000010,?,?,70402DE0), ref: 70401B4B
                                                                                                                        • Part of subcall function 70401A11: lstrlenW.KERNEL32(00000000,?,?,70402DE0), ref: 70401B63
                                                                                                                        • Part of subcall function 70401A11: GlobalAlloc.KERNEL32(00000040,00000000,?,?,70402DE0), ref: 70401B73
                                                                                                                        • Part of subcall function 70401A11: lstrcpyW.KERNEL32(?,00000000), ref: 70401B8D
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,/timeout,00000000,?), ref: 70404954
                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,00000000,00000000), ref: 70404987
                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,?), ref: 704049AF
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 704049B6
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2614247079.0000000070400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614446696.0000000070405000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614566789.0000000070407000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$Alloc$FreeObjectSingleWaitlstrcpy$CloseHandlelstrcmpilstrlen
                                                                                                                      • String ID: /timeout$Handle$wait
                                                                                                                      • API String ID: 371915083-854704214
                                                                                                                      • Opcode ID: 7777374ca3c32a3d479f5689135ff9151a318b23ebca26d6761a61509908d9a4
                                                                                                                      • Instruction ID: c28727681175155579cda78d53636bf82202bc9c80e0e21a1eb5617e003087fc
                                                                                                                      • Opcode Fuzzy Hash: 7777374ca3c32a3d479f5689135ff9151a318b23ebca26d6761a61509908d9a4
                                                                                                                      • Instruction Fuzzy Hash: DA31A0F2201201AADB019F768D45F4F37BCEFC5224F2041F9FD06B6250EBB8E80186A5
                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                      • lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                      • lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                                      • SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                        • Part of subcall function 004066A5: lstrcatW.KERNEL32(get,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                        • Part of subcall function 004066A5: lstrlenW.KERNEL32(get,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2608668529.0000000000400000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608750456.0000000000408000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.000000000040A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000427000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.000000000042B000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.000000000042F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000433000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000435000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000454000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2608791546.0000000000457000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2609104385.000000000045D000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2609104385.000000000045F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                      • String ID: ('B
                                                                                                                      • API String ID: 1495540970-2332581011
                                                                                                                      • Opcode ID: da0887550f177a20a5adca650a80eb3065253b4758cf57a6ba66e38fd01475e6
                                                                                                                      • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                                                                                                      • Opcode Fuzzy Hash: da0887550f177a20a5adca650a80eb3065253b4758cf57a6ba66e38fd01475e6
                                                                                                                      • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(user32.dll,?,00000000,?,70178306,?,Microsoft Visual C++ Runtime Library,00012010,?,7017D834,?,7017D884,?,?,?,Runtime Error!Program: ), ref: 7017B0A7
                                                                                                                      • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 7017B0BF
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 7017B0D0
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 7017B0DD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612516469.0000000070171000.00000020.00000001.01000000.00000012.sdmp, Offset: 70170000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2612450059.0000000070170000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612611123.000000007017D000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612655179.000000007017E000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612769197.0000000070180000.00000008.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612934218.0000000070181000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2613088513.0000000070189000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2613225956.000000007018C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70170000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$LibraryLoad
                                                                                                                      • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                                                                      • API String ID: 2238633743-4044615076
                                                                                                                      • Opcode ID: fd789d7772fa77b7924c105391406055c9d19abd1fc305345f6bb6ed1ba3d268
                                                                                                                      • Instruction ID: a71b4982d6873acc956121b1b9c4405f55f46d5ed1378933cf428325364fe2a0
                                                                                                                      • Opcode Fuzzy Hash: fd789d7772fa77b7924c105391406055c9d19abd1fc305345f6bb6ed1ba3d268
                                                                                                                      • Instruction Fuzzy Hash: 92018F32700206AF8701DFB69DC0B5E7FFCABA81A0724A02DF702C2961DB309941CB60
                                                                                                                      APIs
                                                                                                                      • LCMapStringW.KERNEL32(00000000,00000100,7017D974,00000001,00000000,00000000,00000103,00000001,?,?,70179751,00200020,00000000,?,?,00000000), ref: 7017B3A9
                                                                                                                      • LCMapStringA.KERNEL32(00000000,00000100,7017D970,00000001,00000000,00000000,?,70179751,00200020,00000000,?,?,00000000,00000001), ref: 7017B3C5
                                                                                                                      • LCMapStringA.KERNEL32(?,?,00000000,00200020,70179751,?,00000103,00000001,?,?,70179751,00200020,00000000,?,?,00000000), ref: 7017B40E
                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000002,00000000,00200020,00000000,00000000,00000103,00000001,?,?,70179751,00200020,00000000,?,?,00000000), ref: 7017B446
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00200020,?,00000000,?,70179751,00200020,00000000,?,?), ref: 7017B49E
                                                                                                                      • LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,70179751,00200020,00000000,?,?), ref: 7017B4B4
                                                                                                                      • LCMapStringW.KERNEL32(?,?,70179751,00000000,70179751,?,?,70179751,00200020,00000000,?,?), ref: 7017B4E7
                                                                                                                      • LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,70179751,00200020,00000000,?,?), ref: 7017B54F
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612516469.0000000070171000.00000020.00000001.01000000.00000012.sdmp, Offset: 70170000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2612450059.0000000070170000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612611123.000000007017D000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612655179.000000007017E000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612769197.0000000070180000.00000008.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612934218.0000000070181000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2613088513.0000000070189000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2613225956.000000007018C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70170000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: String$ByteCharMultiWide
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 352835431-0
                                                                                                                      • Opcode ID: 760b47f0aeffa6fb15697bf3c73e463d3a84f1871d2aa470dc95e12d87fa6daf
                                                                                                                      • Instruction ID: 94bfb90323fba2f571f7c19a2c1f76e0e6276d47598dcef5e66fc6d75167f211
                                                                                                                      • Opcode Fuzzy Hash: 760b47f0aeffa6fb15697bf3c73e463d3a84f1871d2aa470dc95e12d87fa6daf
                                                                                                                      • Instruction Fuzzy Hash: 8A518C72500209EFCF12CFA6CC88F9E7FB9FB59754F209119F912A2560D3319A51DBA1
                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(?,00000002,00000000,771AFFC0), ref: 70401604
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000), ref: 704016BB
                                                                                                                      • wsprintfW.USER32 ref: 70401756
                                                                                                                      • lstrcpyW.KERNEL32(00000000,?), ref: 704017C9
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2614247079.0000000070400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614446696.0000000070405000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614566789.0000000070407000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocGloballstrcpylstrlenwsprintf
                                                                                                                      • String ID: $\u%04x$~
                                                                                                                      • API String ID: 1920656451-1521313420
                                                                                                                      • Opcode ID: e7fa6a7733ffc4e1120271702a26e0454f7ab05f1ad66a0369580ef3eafd8ae0
                                                                                                                      • Instruction ID: 9a634397ed80055a93d3644396eda2495988269d86a23a66088b4ab6be3f77cd
                                                                                                                      • Opcode Fuzzy Hash: e7fa6a7733ffc4e1120271702a26e0454f7ab05f1ad66a0369580ef3eafd8ae0
                                                                                                                      • Instruction Fuzzy Hash: 2351E031900305EBDB014FA48894B7D77B9EB45700F6449BAE907F73B4F2BE89818B91
                                                                                                                      APIs
                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000), ref: 7017824F
                                                                                                                      • GetStdHandle.KERNEL32(000000F4,7017D834,00000000,?,00000000,00000000), ref: 70178325
                                                                                                                      • WriteFile.KERNEL32(00000000), ref: 7017832C
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612516469.0000000070171000.00000020.00000001.01000000.00000012.sdmp, Offset: 70170000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2612450059.0000000070170000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612611123.000000007017D000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612655179.000000007017E000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612769197.0000000070180000.00000008.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612934218.0000000070181000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2613088513.0000000070189000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2613225956.000000007018C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70170000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$HandleModuleNameWrite
                                                                                                                      • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                      • API String ID: 3784150691-4022980321
                                                                                                                      APIs
                                                                                                                      • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,701746F3), ref: 70178092
                                                                                                                      • GetEnvironmentStrings.KERNEL32(?,?,?,?,701746F3), ref: 701780A6
                                                                                                                      • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,701746F3), ref: 701780D2
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?,701746F3), ref: 7017810A
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,701746F3), ref: 7017812C
                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,701746F3), ref: 70178145
                                                                                                                      • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,701746F3), ref: 70178158
                                                                                                                      • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 70178196
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612516469.0000000070171000.00000020.00000001.01000000.00000012.sdmp, Offset: 70170000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70170000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1823725401-0
                                                                                                                      APIs
                                                                                                                      • GlobalAlloc.KERNEL32(00000040), ref: 70402D5E
                                                                                                                      • GlobalAlloc.KERNEL32(00000040), ref: 70402D71
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70402E28
                                                                                                                        • Part of subcall function 7040414A: lstrcmpiW.KERNEL32(?,/tree,?,00000000,00000000,00000000,?,70402D8C,00000000,00000000,00000000), ref: 70404182
                                                                                                                        • Part of subcall function 70404B73: lstrcpyW.KERNEL32(00000000,00000004), ref: 70404B94
                                                                                                                        • Part of subcall function 70404B73: GlobalFree.KERNEL32(00000000), ref: 70404BA5
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,/end,00000000), ref: 70402DAA
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,/index), ref: 70402DBA
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70402E21
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2614247079.0000000070400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614446696.0000000070405000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614566789.0000000070407000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$Freelstrcmpi$Alloc$lstrcpy
                                                                                                                      • String ID: /end$/index
                                                                                                                      • API String ID: 3216674501-41208782
                                                                                                                      APIs
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000), ref: 704047E0
                                                                                                                        • Part of subcall function 7040414A: lstrcmpiW.KERNEL32(?,/tree,?,00000000,00000000,00000000,?,70402D8C,00000000,00000000,00000000), ref: 70404182
                                                                                                                        • Part of subcall function 70404B73: lstrcpyW.KERNEL32(00000000,00000004), ref: 70404B94
                                                                                                                        • Part of subcall function 70404B73: GlobalFree.KERNEL32(00000000), ref: 70404BA5
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,/end,00000000), ref: 7040480A
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,/index), ref: 7040481A
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70404882
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2614247079.0000000070400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614446696.0000000070405000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614566789.0000000070407000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Globallstrcmpi$Free$Alloclstrcpy
                                                                                                                      • String ID: /end$/index$/options
                                                                                                                      • API String ID: 2166273740-1446855818
                                                                                                                      APIs
                                                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                                                                                      • GetSysColor.USER32(00000000), ref: 00404686
                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                                                                                      • SetBkMode.GDI32(?,?), ref: 0040469E
                                                                                                                      • GetSysColor.USER32(?), ref: 004046B1
                                                                                                                      • SetBkColor.GDI32(?,?), ref: 004046C1
                                                                                                                      • DeleteObject.GDI32(?), ref: 004046DB
                                                                                                                      • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2320649405-0
                                                                                                                      APIs
                                                                                                                      • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                        • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                      • String ID: 9
                                                                                                                      • API String ID: 163830602-2366072709
                                                                                                                      APIs
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 701425C2
                                                                                                                        • Part of subcall function 701412CC: lstrcpynW.KERNEL32(00000000,?,7014137F,00000019,701411CA,-000000A0), ref: 701412DC
                                                                                                                      • GlobalAlloc.KERNEL32(00000040), ref: 70142548
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 70142563
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612333924.0000000070141000.00000020.00000001.01000000.0000000F.sdmp, Offset: 70140000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2612298241.0000000070140000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612368114.0000000070144000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612405488.0000000070146000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70140000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                                      • String ID: @H3w
                                                                                                                      • API String ID: 4216380887-4275297014
                                                                                                                      • Opcode ID: f07064dc4c262f96e359945ee84fdcbc24ffd8c4d193b5cb9bbc544ab677ba64
                                                                                                                      • Instruction ID: f2fcd8ff2a7da2b42eed530e7799ebd174f9b62b59fc2b00966a7c53e1d6b25d
                                                                                                                      • Opcode Fuzzy Hash: f07064dc4c262f96e359945ee84fdcbc24ffd8c4d193b5cb9bbc544ab677ba64
                                                                                                                      • Instruction Fuzzy Hash: F54101B1008305DFC314DF25D850AAE77F8FB54320F6199ADF9468BAB1E770A880CB61
                                                                                                                      APIs
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000), ref: 70404269
                                                                                                                        • Part of subcall function 70404B73: lstrcpyW.KERNEL32(00000000,00000004), ref: 70404B94
                                                                                                                        • Part of subcall function 70404B73: GlobalFree.KERNEL32(00000000), ref: 70404BA5
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,/unicode,00000000), ref: 70404291
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,/always), ref: 704042A6
                                                                                                                        • Part of subcall function 70404C09: GlobalAlloc.KERNEL32(00000040,?,00000000,?,704041B1,?,?,70402D8C,00000000,00000000,00000000), ref: 70404C25
                                                                                                                        • Part of subcall function 70404C09: lstrcpynW.KERNEL32(00000004,?,?,704041B1,?,?,70402D8C,00000000,00000000,00000000), ref: 70404C3A
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 704042FA
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70404304
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2614247079.0000000070400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614446696.0000000070405000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614566789.0000000070407000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$Free$Alloclstrcmpi$lstrcpylstrcpyn
                                                                                                                      • String ID: /always$/unicode
                                                                                                                      • API String ID: 3554853735-1970542336
                                                                                                                      • Opcode ID: 43a17a7535855c5eff0ad4c0d692ce7427bbd3f9000d54ffefa524f3d423654d
                                                                                                                      • Instruction ID: 1a4546f43ead6454a8f41c41fbfe88d13588db2279d521328a818c091d67299e
                                                                                                                      • Opcode Fuzzy Hash: 43a17a7535855c5eff0ad4c0d692ce7427bbd3f9000d54ffefa524f3d423654d
                                                                                                                      • Instruction Fuzzy Hash: 1B219CB2301214AED3019F19DD85F9F37B8EF853A4F2050B9FD05BA250D7B8E9018AA5
                                                                                                                      APIs
                                                                                                                      • CharNextW.USER32(?,*?|<>/":,00000000,00000000,771B3420,C:\Users\user~1\AppData\Local\Temp\,?,0040361B,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                                                      • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                                                      • CharNextW.USER32(?,00000000,771B3420,C:\Users\user~1\AppData\Local\Temp\,?,0040361B,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                                                      • CharPrevW.USER32(?,?,771B3420,C:\Users\user~1\AppData\Local\Temp\,?,0040361B,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Char$Next$Prev
                                                                                                                      • String ID: *?|<>/":$C:\Users\user~1\AppData\Local\Temp\
                                                                                                                      • API String ID: 589700163-1439852002
                                                                                                                      • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                                                      • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                                                                                      • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                                                      • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                                                                                      APIs
                                                                                                                      • lstrcpyW.KERNEL32(?,-#INF), ref: 701731DB
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612516469.0000000070171000.00000020.00000001.01000000.00000012.sdmp, Offset: 70170000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70170000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcpy
                                                                                                                      • String ID: #INF$%%.%dE$%%.%de$%%.%df$%%.%dg$-#INF
                                                                                                                      • API String ID: 3722407311-405108197
                                                                                                                      • Opcode ID: 797466095bdbb1b656876e801bc4604f3ce14f21753534173cf38c87dab4e15a
                                                                                                                      • Instruction ID: 2cab44370ab07fee3c58e686302c9562e7b115492bced2ea471673c2adeaf665
                                                                                                                      • Opcode Fuzzy Hash: 797466095bdbb1b656876e801bc4604f3ce14f21753534173cf38c87dab4e15a
                                                                                                                      • Instruction Fuzzy Hash: CB012872201108B6DB015B00DD46FDE77ECBF0D308F61FA49BEC229082DBB596588656
                                                                                                                      APIs
                                                                                                                      • DestroyWindow.USER32(00000000,00000000), ref: 00403049
                                                                                                                      • GetTickCount.KERNEL32 ref: 00403067
                                                                                                                      • wsprintfW.USER32 ref: 00403095
                                                                                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                        • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                                        • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                      • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 004030B9
                                                                                                                      • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                                                                                        • Part of subcall function 00403012: MulDiv.KERNEL32(00000000,00000064,000142E8), ref: 00403027
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                      • String ID: ... %d%%
                                                                                                                      • API String ID: 722711167-2449383134
                                                                                                                      • Opcode ID: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                                                                                      • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                                                                                                      • Opcode Fuzzy Hash: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                                                                                      • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                                                                                      • GetMessagePos.USER32 ref: 00404FA2
                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00404FBC
                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                                                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Message$Send$ClientScreen
                                                                                                                      • String ID: f
                                                                                                                      • API String ID: 41195575-1993550816
                                                                                                                      • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                      • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                                                                                                      • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                      • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                                                                                                      APIs
                                                                                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                      • wsprintfW.USER32 ref: 00402FE5
                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 00402FF5
                                                                                                                      • SetDlgItemTextW.USER32(?,00000406,?), ref: 00403007
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                      • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                      • API String ID: 1451636040-1158693248
                                                                                                                      APIs
                                                                                                                      • GetStringTypeW.KERNEL32(00000001,7017D974,00000001,?,00000103,00000001,?,70179751,00200020,00000000,?,?,00000000,00000001), ref: 7017B25D
                                                                                                                      • GetStringTypeA.KERNEL32(00000000,00000001,7017D970,00000001,?), ref: 7017B277
                                                                                                                      • GetStringTypeA.KERNEL32(?,?,?,00000000,00200020,00000103,00000001,?,70179751,00200020,00000000,?,?,00000000,00000001), ref: 7017B2AB
                                                                                                                      • MultiByteToWideChar.KERNEL32(70179751,00000002,?,00000000,00000000,00000000,00000103,00000001,?,70179751,00200020,00000000,?,?,00000000,00000001), ref: 7017B2E3
                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?), ref: 7017B339
                                                                                                                      • GetStringTypeW.KERNEL32(?,?,00000000,?,?,?), ref: 7017B34B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612516469.0000000070171000.00000020.00000001.01000000.00000012.sdmp, Offset: 70170000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70170000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: StringType$ByteCharMultiWide
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3852931651-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 701412BB: GlobalAlloc.KERNEL32(00000040,?,701412DB,?,7014137F,00000019,701411CA,-000000A0), ref: 701412C5
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 70142743
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70142778
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612333924.0000000070141000.00000020.00000001.01000000.0000000F.sdmp, Offset: 70140000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70140000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$Free$Alloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1780285237-0
                                                                                                                      APIs
                                                                                                                      • VirtualFree.KERNEL32(0000000C,00100000,00004000,?,?,?,?,70174745,7017478B,?,?,?), ref: 70177B33
                                                                                                                      • VirtualFree.KERNEL32(0000000C,00000000,00008000,?,?,?,?,70174745,7017478B,?,?,?), ref: 70177B3E
                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,?,?,?,70174745,7017478B,?,?,?), ref: 70177B4B
                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,?,?,70174745,7017478B,?,?,?), ref: 70177B67
                                                                                                                      • VirtualFree.KERNEL32(FFFFFFFF,00000000,00008000,?,?,70174745,7017478B,?,?,?), ref: 70177B88
                                                                                                                      • HeapDestroy.KERNEL32(?,?,70174745,7017478B,?,?,?), ref: 70177B9A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612516469.0000000070171000.00000020.00000001.01000000.00000012.sdmp, Offset: 70170000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70170000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Free$HeapVirtual$Destroy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 716807051-0
                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(15FF5700,00000000,?,?,?,?,?,?,?,?,70403ED9,00000000), ref: 704017E5
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,70403ED9,00000000), ref: 704017FA
                                                                                                                      • wsprintfW.USER32 ref: 704018CD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocGloballstrlenwsprintf
                                                                                                                      • String ID: 0x%c%c%c%c$\
                                                                                                                      • API String ID: 983123113-737428342
                                                                                                                      APIs
                                                                                                                      • GetVersionExA.KERNEL32 ref: 70177975
                                                                                                                      • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 701779AA
                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 70177A0A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612516469.0000000070171000.00000020.00000001.01000000.00000012.sdmp, Offset: 70170000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70170000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: EnvironmentFileModuleNameVariableVersion
                                                                                                                      • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                                                                                                                      • API String ID: 1385375860-4131005785
                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                                                      • wsprintfW.USER32 ref: 00404F1B
                                                                                                                      • SetDlgItemTextW.USER32(?,00423748), ref: 00404F2E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                                                      • String ID: %u.%u%s%s$H7B
                                                                                                                      • API String ID: 3540041739-107966168
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612333924.0000000070141000.00000020.00000001.01000000.0000000F.sdmp, Offset: 70140000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70140000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeGlobal
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2979337801-0
                                                                                                                      • Opcode ID: 9663b21e0e4491f466ce2cb39df856f6b83d216bcee69ad9bc2e043254307106
                                                                                                                      • Instruction ID: 4a997a0354609acc198b81c91ebff1954f469abc66da183c564d5b20e838d6a2
                                                                                                                      • Opcode Fuzzy Hash: 9663b21e0e4491f466ce2cb39df856f6b83d216bcee69ad9bc2e043254307106
                                                                                                                      • Instruction Fuzzy Hash: 7651F632D01118AECB029FA4C94459EBBBAEB40358F73A15DF806F3734E771AD458791
                                                                                                                      APIs
                                                                                                                      • GetStartupInfoA.KERNEL32(?), ref: 70177BFC
                                                                                                                      • GetFileType.KERNEL32(00000800), ref: 70177CA2
                                                                                                                      • GetStdHandle.KERNEL32(-000000F6), ref: 70177CFB
                                                                                                                      • GetFileType.KERNEL32(00000000), ref: 70177D09
                                                                                                                      • SetHandleCount.KERNEL32 ref: 70177D40
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612516469.0000000070171000.00000020.00000001.01000000.00000012.sdmp, Offset: 70170000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70170000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileHandleType$CountInfoStartup
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1710529072-0
                                                                                                                      • Opcode ID: 8df1fcfe5a8a90a9fa66e242cf1a63480cb1e3fb0af7c7633cf6b099b96b05e0
                                                                                                                      • Instruction ID: 7a211e599997c3250d3f28654ea034c549b65c59c9b36ccfbdf6f21cfa9a7c27
                                                                                                                      • Opcode Fuzzy Hash: 8df1fcfe5a8a90a9fa66e242cf1a63480cb1e3fb0af7c7633cf6b099b96b05e0
                                                                                                                      • Instruction Fuzzy Hash: 1451157250424A8BD322CB69CC9875E3BA5FF15730F26E66CE4A38B6E0D730A985C751
                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(00000800,?,00000004,?,?,?,70401E4C,00000004,00000800,00000000), ref: 7040131D
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,-00000002,?,?,?,70401E4C,00000004,00000800,00000000), ref: 7040132C
                                                                                                                      • IsCharAlphaNumericW.USER32(?,00000000,?,?,?,70401E4C,00000004,00000800,00000000), ref: 70401351
                                                                                                                      • lstrlenW.KERNEL32(00000000,00000000,?,?,?,70401E4C,00000004,00000800,00000000), ref: 704013C0
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 704013E9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Globallstrlen$AllocAlphaCharFreeNumeric
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2254421552-0
                                                                                                                      • Opcode ID: a680d1a36257fabf5dd50a3cd4993975b889908b1eca65a7642cb8b6c4ae00b9
                                                                                                                      • Instruction ID: 9784b45304434be58b497dfe628aa95040e8969a4b5d0027f4d119cca8062ebd
                                                                                                                      • Opcode Fuzzy Hash: a680d1a36257fabf5dd50a3cd4993975b889908b1eca65a7642cb8b6c4ae00b9
                                                                                                                      • Instruction Fuzzy Hash: F431E176500226EBEB105F99CD84B6E37B8EF05B50B2000AAFD02FA720F3788C41D7A1
                                                                                                                      APIs
                                                                                                                      • lstrcmpW.KERNEL32(70405050,?,00000000,?,00000000,|H@p,704021C4,|H@p,00000000,?,00000000,00000000,00000000,?,?,7040487C), ref: 704029D4
                                                                                                                      • lstrcmpiW.KERNEL32(70405050,?,00000000,?,00000000,|H@p,704021C4,|H@p,00000000,?,00000000,00000000,00000000,?,?,7040487C), ref: 704029DC
                                                                                                                      • lstrcmpW.KERNEL32(75FF855B,?,00000000,?,00000000,|H@p,704021C4,|H@p,00000000,?,00000000,00000000,00000000,?,?,7040487C), ref: 70402A2A
                                                                                                                      • lstrcmpiW.KERNEL32(75FF855B,?,00000000,?,00000000,|H@p,704021C4,|H@p,00000000,?,00000000,00000000,00000000,?,?,7040487C), ref: 70402A38
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmplstrcmpi
                                                                                                                      • String ID: |H@p
                                                                                                                      • API String ID: 3524194181-3730317945
                                                                                                                      • Opcode ID: 3420aca335b5955baf9075f10900d37700fdbf92a55a034a62bfa81bdc878c1d
                                                                                                                      • Instruction ID: 6563f2657eb207286cb8f897847a30a32278df708a138ea9466ee077a138d626
                                                                                                                      • Opcode Fuzzy Hash: 3420aca335b5955baf9075f10900d37700fdbf92a55a034a62bfa81bdc878c1d
                                                                                                                      • Instruction Fuzzy Hash: 413191323402109FDB129F24CA45B5E37A9EF84660F2940F8A94AAB2F5DB39DD429B50
                                                                                                                      APIs
                                                                                                                      • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseEnum$DeleteValue
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1354259210-0
                                                                                                                      • Opcode ID: 953796069c20d6fa7490a0bfa1861ca0c616837e62ffc418281f2642f3cef6d6
                                                                                                                      • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                                                                                                      • Opcode Fuzzy Hash: 953796069c20d6fa7490a0bfa1861ca0c616837e62ffc418281f2642f3cef6d6
                                                                                                                      • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                                                                                                      APIs
                                                                                                                      • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                      • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                      • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                      • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1849352358-0
                                                                                                                      • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                                                      • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                                                                                                                      • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                                                      • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                                                                                                                      APIs
                                                                                                                      • lstrcmpiW.KERNEL32(?,,`@p,00000000,00000000,00000000,?,?,70402E0D,7040602C,00000000,00000000), ref: 70402AA9
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70402ADA
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 70402AE1
                                                                                                                      • GlobalFree.KERNEL32(?), ref: 70402AE4
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeGlobal$lstrcmpi
                                                                                                                      • String ID: ,`@p
                                                                                                                      • API String ID: 2789208084-587938435
                                                                                                                      • Opcode ID: 2ab4aa3fa7f218472f6c12ca9a53af2f05ccdc12e394b6e36a69ee24a1a7b7db
                                                                                                                      • Instruction ID: c8a696d68a2a4b89dd6289a59b9dbd684dc1a87447c371cf80f98f0d6256764b
                                                                                                                      • Opcode Fuzzy Hash: 2ab4aa3fa7f218472f6c12ca9a53af2f05ccdc12e394b6e36a69ee24a1a7b7db
                                                                                                                      • Instruction Fuzzy Hash: DB113936A01215AFDB218F59C980A5EB7B9EF44650B2084B9EC06A7350DB79ED40CF90
                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(?,00000000,00000000,00000000), ref: 70404A00
                                                                                                                      • WriteFile.KERNEL32(00000000,?,00000000), ref: 70404A0F
                                                                                                                      • lstrlenW.KERNEL32(?,00000000), ref: 70404A1A
                                                                                                                      • WriteFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,00000000), ref: 70404A4A
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70404A51
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileWritelstrlen$FreeGlobal
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3525607692-0
                                                                                                                      • Opcode ID: d3ed30203d67832cb04a015e2b051719ab99b71b3f5b4ee585dbdd8a90680309
                                                                                                                      • Instruction ID: 34bb42c4e09a46fe236deead56379f30baf7a7b8a35ad043cc4d415e67f25a97
                                                                                                                      • Opcode Fuzzy Hash: d3ed30203d67832cb04a015e2b051719ab99b71b3f5b4ee585dbdd8a90680309
                                                                                                                      • Instruction Fuzzy Hash: 23010872540218AFDB119F50CD09FAF3BBCEF04310F1441A9B91AA6220D7B5AA10DBD4
                                                                                                                      APIs
                                                                                                                      • GetDC.USER32(?), ref: 00401E51
                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                      • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                        • Part of subcall function 004066A5: lstrcatW.KERNEL32(get,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                        • Part of subcall function 004066A5: lstrlenW.KERNEL32(get,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                                                      • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2584051700-0
                                                                                                                      • Opcode ID: e128970cf71a0b284ce18b21917758e509e5717976d06807f88455f58f814df6
                                                                                                                      • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                                                                                                      • Opcode Fuzzy Hash: e128970cf71a0b284ce18b21917758e509e5717976d06807f88455f58f814df6
                                                                                                                      • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                                                                                                      APIs
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,701422D8,?,00000808), ref: 701416D5
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,701422D8,?,00000808), ref: 701416DC
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,701422D8,?,00000808), ref: 701416F0
                                                                                                                      • GetProcAddress.KERNEL32(701422D8,00000000), ref: 701416F7
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70141700
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612333924.0000000070141000.00000020.00000001.01000000.0000000F.sdmp, Offset: 70140000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2612298241.0000000070140000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612368114.0000000070144000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2612405488.0000000070146000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70140000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1148316912-0
                                                                                                                      • Opcode ID: e6f2d185303f9d7da325a3e523a56c8319413de26242421ef53a440e99725a78
                                                                                                                      • Instruction ID: 65430d0b2a6327412792ca2c2d0a33841e10ae59ec9e096cdc62b14432ee9e85
                                                                                                                      • Opcode Fuzzy Hash: e6f2d185303f9d7da325a3e523a56c8319413de26242421ef53a440e99725a78
                                                                                                                      • Instruction Fuzzy Hash: 61F0AC732061387BD6211BA79C4CDDBBE9CEF8B2F5B210225F728925B086A25D11D7F1
                                                                                                                      APIs
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,JSON,?,00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 70403F9D
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,Raw,?,?,00000000,?,?,?,?,?,?,00000000,?,?,00000000), ref: 70403FB0
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2614247079.0000000070400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614446696.0000000070405000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614566789.0000000070407000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpi
                                                                                                                      • String ID: DataType$JSON$Raw
                                                                                                                      • API String ID: 1586166983-3390691770
                                                                                                                      • Opcode ID: 4d66d0aaaff9b4ee958ef8acf17d26f01e7ef886652b80d7968dfe4e6edbbb20
                                                                                                                      • Instruction ID: b1a8407f1127695c754003d850c8f2a958649e8afae43419dec51aa0adf4cd56
                                                                                                                      • Opcode Fuzzy Hash: 4d66d0aaaff9b4ee958ef8acf17d26f01e7ef886652b80d7968dfe4e6edbbb20
                                                                                                                      • Instruction Fuzzy Hash: BEE09AB2A641167AC6102635AD0AF5F3B6CCB02569B2403F0FD4AFD291EA1DA84640D9
                                                                                                                      APIs
                                                                                                                      • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Timeout
                                                                                                                      • String ID: !
                                                                                                                      • API String ID: 1777923405-2657877971
                                                                                                                      • Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                                                      • Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
                                                                                                                      • Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                                                      • Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                                                                                                                      APIs
                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,0040A230,00000000,('B,00000000,?,?,get,?,?,0040679D,80000002), ref: 0040657C
                                                                                                                      • RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,get,get,get,00000000,00422728), ref: 00406587
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseQueryValue
                                                                                                                      • String ID: ('B$get
                                                                                                                      • API String ID: 3356406503-1955485993
                                                                                                                      • Opcode ID: abb8e2472c70d4d58aecb7d0dfcf889930bd109b5a1b9baac0574de2233c5019
                                                                                                                      • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                                                                                                                      • Opcode Fuzzy Hash: abb8e2472c70d4d58aecb7d0dfcf889930bd109b5a1b9baac0574de2233c5019
                                                                                                                      • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\,0040362D,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00405F3D
                                                                                                                      • CharPrevW.USER32(?,00000000,?,C:\Users\user~1\AppData\Local\Temp\,0040362D,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00405F47
                                                                                                                      • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                                                                                                                      Strings
                                                                                                                      • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405F37
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CharPrevlstrcatlstrlen
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\
                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,70174228), ref: 70176AC1
                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 70176AD1
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612516469.0000000070171000.00000020.00000001.01000000.00000012.sdmp, Offset: 70170000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70170000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                      APIs
                                                                                                                      • HeapAlloc.KERNEL32(00000000,00002020,7017EBB0,7017EBB0,?,?,7017A70C,00000020,00000010,00000000,00000000,00000000,?,7017A8F1,00000010,?), ref: 7017A261
                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,7017A70C,00000020,00000010,00000000,00000000,00000000,?,7017A8F1,00000010,?), ref: 7017A285
                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,7017A70C,00000020,00000010,00000000,00000000,00000000,?,7017A8F1,00000010,?), ref: 7017A29F
                                                                                                                      • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,7017A70C,00000020,00000010,00000000,00000000,00000000,?,7017A8F1,00000010,?,7017A886), ref: 7017A360
                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,?,?,7017A70C,00000020,00000010,00000000,00000000,00000000,?,7017A8F1,00000010,?,7017A886,000000E0), ref: 7017A377
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612516469.0000000070171000.00000020.00000001.01000000.00000012.sdmp, Offset: 70170000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70170000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocVirtual$FreeHeap
                                                                                                                      • String ID:
                                                                                                                      APIs
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,00000000,00000000,?,?,704041D0,00000000,?,?,00000000,00000000,00000000,?,70402D8C,00000000,00000000), ref: 70402B59
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,0000000C,00000000,?,704041D0,00000000,?,?,00000000,00000000,00000000,?,70402D8C,00000000,00000000,00000000), ref: 70402B7A
                                                                                                                      • lstrlenW.KERNEL32(00000000,?,704041D0,00000000,?,?,00000000,00000000,00000000,?,70402D8C,00000000,00000000,00000000), ref: 70402B7F
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,?,704041D0,00000000,?,?,00000000,00000000,00000000,?,70402D8C,00000000,00000000,00000000), ref: 70402B8F
                                                                                                                      • lstrcpyW.KERNEL32(00000000,00000000), ref: 70402B95
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocGlobal$lstrcmpilstrcpylstrlen
                                                                                                                      • String ID:
                                                                                                                      APIs
                                                                                                                      • WriteFile.KERNEL32(?,?,?,?,00000000,00000002,?,?), ref: 70179166
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612516469.0000000070171000.00000020.00000001.01000000.00000012.sdmp, Offset: 70170000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70170000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileWrite
                                                                                                                      • String ID:
                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(00000000,00000000,?,00001000,00001000), ref: 701719DF
                                                                                                                      • lstrlenW.KERNEL32(00000000), ref: 701719E5
                                                                                                                        • Part of subcall function 701732B1: GlobalAlloc.KERNEL32(00000040,00000010,?,?,?,00000002,70171806,00000400,?,00000000), ref: 701732CE
                                                                                                                        • Part of subcall function 701732B1: GlobalAlloc.KERNEL32(00000040,00000010,?,00000002,70171806,00000400,?,00000000), ref: 701732DC
                                                                                                                        • Part of subcall function 701732B1: GlobalAlloc.KERNEL32(00000040,00000400,?,00000002,70171806,00000400,?,00000000), ref: 701732EB
                                                                                                                        • Part of subcall function 70173295: GlobalAlloc.KERNEL32(00000040,00000010,70171084,?,?,?,00000000,7017114D,?,?,?,00000000,70171010,00000000,?,?), ref: 70173299
                                                                                                                      • __ftol.LIBCMT ref: 70171A4A
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70171A6E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612516469.0000000070171000.00000020.00000001.01000000.00000012.sdmp, Offset: 70170000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70170000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$Alloc$lstrlen$Free__ftol
                                                                                                                      • String ID:
                                                                                                                      APIs
                                                                                                                      • lstrlenA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nsiEA2C.tmp\inetc.dll), ref: 00402695
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrlen
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\nsiEA2C.tmp$C:\Users\user~1\AppData\Local\Temp\nsiEA2C.tmp\inetc.dll
                                                                                                                      APIs
                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000200,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,704023BE,00000000,?,00000000), ref: 7040194F
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000001,?,704023BE,00000000,?,00000000,00000000,?,7040294A,00000000,7040510C,00000001,00000000,00000000,00000000), ref: 70401961
                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000200,00000000,00000000,00000000,00000000,00000000,00000000,?,704023BE,00000000,?,00000000,00000000,?,7040294A), ref: 70401980
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 70401991
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharGlobalMultiWide$AllocFree
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2244543456-0
                                                                                                                      • Opcode ID: a6d24a84cf9fb83aab84bf213aebb2640ffbfe37d7ac6b1c07b94b5d4b57eb86
                                                                                                                      • Instruction ID: 08ade1dde31deec3e158462db7e7df7925aae24f62f191ee606de0baa4f5167c
                                                                                                                      • Opcode Fuzzy Hash: a6d24a84cf9fb83aab84bf213aebb2640ffbfe37d7ac6b1c07b94b5d4b57eb86
                                                                                                                      • Instruction Fuzzy Hash: F3014BB6200611BFEB121F56CC49F6F7B6DEF4A750F1000A4BA09E92A0D671D8108AA0
                                                                                                                      APIs
                                                                                                                      • lstrcmpW.KERNEL32(00000000,704050D0,00000000,h<@p,70402C02,00000000,00000000,Async,00000000,?,?,?,704045D3,70403C68,?,00000000), ref: 704019EB
                                                                                                                      • lstrcmpiW.KERNEL32(00000000,false,?,?,?,704045D3,70403C68,?,00000000,00000000), ref: 704019FD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      • Associated: 0000000E.00000002.2614247079.0000000070400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614446696.0000000070405000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      • Associated: 0000000E.00000002.2614566789.0000000070407000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmplstrcmpi
                                                                                                                      • String ID: false$h<@p
                                                                                                                      • API String ID: 3524194181-826809576
                                                                                                                      • Opcode ID: 920fddb70b685e1a6e5e2aa83ad30436b4f1aa6166ea36320ee1d3beb326e8d7
                                                                                                                      • Instruction ID: 6414912878d6e4be1fbf06e8be5fc01b9cd92387e47d38eabef4d1272d013747
                                                                                                                      • Opcode Fuzzy Hash: 920fddb70b685e1a6e5e2aa83ad30436b4f1aa6166ea36320ee1d3beb326e8d7
                                                                                                                      • Instruction Fuzzy Hash: B2E048313112509FCB226A119D04B5F77BCDB01762B2086F8A84BF5734E728D8409ED0
                                                                                                                      APIs
                                                                                                                      • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user~1\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                                                                                                      • CloseHandle.KERNEL32(000002F8,C:\Users\user~1\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                                                                                                      Strings
                                                                                                                      • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00403C2A
                                                                                                                      • C:\Users\user~1\AppData\Local\Temp\nsiEA2C.tmp, xrefs: 00403C5B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseHandle
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\$C:\Users\user~1\AppData\Local\Temp\nsiEA2C.tmp
                                                                                                                      • API String ID: 2962429428-3639574263
                                                                                                                      • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                                                      • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                                                                                                      • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                                                      • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                                                                                                      APIs
                                                                                                                      • __startOneArgErrorHandling.LIBCMT ref: 70173722
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612516469.0000000070171000.00000020.00000001.01000000.00000012.sdmp, Offset: 70170000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70170000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorHandling__start
                                                                                                                      • String ID: pow
                                                                                                                      • API String ID: 3213639722-2276729525
                                                                                                                      • Opcode ID: 164e689ee448fa5ef140251dcd04cebe20d4019e7ed0c06ead3224a848e9d305
                                                                                                                      • Instruction ID: 37e2554607db700b8f59f7c8ddc0f80fa0949ab6a7334a8458bf3f22e8709a6d
                                                                                                                      • Opcode Fuzzy Hash: 164e689ee448fa5ef140251dcd04cebe20d4019e7ed0c06ead3224a848e9d305
                                                                                                                      • Instruction Fuzzy Hash: 175159A5A0C205DAC7066B24C90136E7BF99B40764F70FD6CF48742AACEF349CD4AA46
                                                                                                                      APIs
                                                                                                                      • GetCPInfo.KERNEL32(?,00000000), ref: 7017ABD2
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612516469.0000000070171000.00000020.00000001.01000000.00000012.sdmp, Offset: 70170000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70170000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Info
                                                                                                                      • String ID: $
                                                                                                                      • API String ID: 1807457897-3032137957
                                                                                                                      • Opcode ID: 173968234549d740033912d7266f6a573da5a88e011d4db105789e4b770e31d0
                                                                                                                      • Instruction ID: d385e157b4ad673dac818517d7da24e6526a82abf55524fa61c1c22968f7b36e
                                                                                                                      • Opcode Fuzzy Hash: 173968234549d740033912d7266f6a573da5a88e011d4db105789e4b770e31d0
                                                                                                                      • Instruction Fuzzy Hash: BF419D3140429C6FEB179764CD96BEF3FADAB01714F7460D4E686CB0D2C3255A84CBA1
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                                        • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,771B3420,?,771B2EE0,00405D94,?,771B3420,771B2EE0,00000000), ref: 00405FF0
                                                                                                                        • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                                        • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                                                      • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,771B3420,?,771B2EE0,00405D94,?,771B3420,771B2EE0,00000000), ref: 00406098
                                                                                                                      • GetFileAttributesW.KERNEL32(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,771B3420,?,771B2EE0,00405D94,?,771B3420,771B2EE0), ref: 004060A8
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                      • String ID: P_B
                                                                                                                      • API String ID: 3248276644-906794629
                                                                                                                      • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                                                      • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                                                                                                                      • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                                                      • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                                                                                                                      APIs
                                                                                                                      • IsWindowVisible.USER32(?), ref: 0040566D
                                                                                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                                                                                        • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3748168415-3916222277
                                                                                                                      • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                                                      • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                                                                                                      • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                                                      • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(80000000,C:\Users\user~1\AppData\Local\Temp,0040313C,C:\Users\user~1\AppData\Local\Temp,C:\Users\user~1\AppData\Local\Temp,C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp,C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp,80000000,00000003), ref: 00405F89
                                                                                                                      • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user~1\AppData\Local\Temp,0040313C,C:\Users\user~1\AppData\Local\Temp,C:\Users\user~1\AppData\Local\Temp,C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp,C:\Users\user~1\AppData\Local\Temp\nsrC311.tmp,80000000,00000003), ref: 00405F99
                                                                                                                      Strings
                                                                                                                      • C:\Users\user~1\AppData\Local\Temp, xrefs: 00405F83
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CharPrevlstrlen
                                                                                                                      • String ID: C:\Users\user~1\AppData\Local\Temp
                                                                                                                      • API String ID: 2709904686-3107243751
                                                                                                                      • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                      • Instruction ID: bd974b3f77e4b05eb9372a1ad14375fba7b947cfa10dd8d614d5bb7090e452f7
                                                                                                                      • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                      • Instruction Fuzzy Hash: 6CD05EB2401D219EC3126B04DC00D9F63ACEF51301B4A4866E441AB1A0DB7C5D9186A9
                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(00000000,70403F05,?,70403F05,?,00000000,?,00000000,00000000,00000000), ref: 70402578
                                                                                                                      • lstrlenW.KERNEL32(?,70403F05,?,00000000,00000000,00000000,?,70401CC7,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 70402642
                                                                                                                      • lstrlenW.KERNEL32(?,70403F05,?,70403F05,?,00000000,?,00000000,00000000,00000000), ref: 70402607
                                                                                                                        • Part of subcall function 7040229E: GlobalReAlloc.KERNEL32(00000000,?,00000042), ref: 704022D4
                                                                                                                        • Part of subcall function 7040229E: GetLastError.KERNEL32(?,?,70402754,00000000,00000000,00000000,7040510C,00000001,70403F05,?,00000000,00000000,00000000,?,70401CC7,00000000), ref: 704022DE
                                                                                                                        • Part of subcall function 7040229E: GlobalFree.KERNEL32(00000000), ref: 704022EB
                                                                                                                        • Part of subcall function 7040229E: lstrcpyW.KERNEL32(?,00000000), ref: 70402319
                                                                                                                      • lstrcpyW.KERNEL32(?,70405110), ref: 704027AF
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrlen$Globallstrcpy$AllocErrorFreeLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2385761697-0
                                                                                                                      • Opcode ID: 9dae5f93bba76ceeaba31a503b0ab8b5a15f8cd58ab4cb31400a1e61540531e7
                                                                                                                      • Instruction ID: 14b841b9acdf9cf175fc27fa3ef63451519f2d9936e1972fb88e46051bd1eedf
                                                                                                                      • Opcode Fuzzy Hash: 9dae5f93bba76ceeaba31a503b0ab8b5a15f8cd58ab4cb31400a1e61540531e7
                                                                                                                      • Instruction Fuzzy Hash: 4D713971200119BFDF129F94CD85FAF3B6AEF49304F4080A8FE156A1A0D77A9921DBA1
                                                                                                                      APIs
                                                                                                                      • GlobalReAlloc.KERNEL32(00000000,?,00000042), ref: 704022D4
                                                                                                                      • GetLastError.KERNEL32(?,?,70402754,00000000,00000000,00000000,7040510C,00000001,70403F05,?,00000000,00000000,00000000,?,70401CC7,00000000), ref: 704022DE
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 704022EB
                                                                                                                      • lstrcpyW.KERNEL32(?,00000000), ref: 70402319
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$AllocErrorFreeLastlstrcpy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 213496960-0
                                                                                                                      • Opcode ID: d49653e600cf6cb3de28f6866560fe390cd3d37d937312973b347b66c5c1ffd9
                                                                                                                      • Instruction ID: e9759820cfa18d9295da6e8245e94976cf4a5d908b4eb04582fe312cc6937150
                                                                                                                      • Opcode Fuzzy Hash: d49653e600cf6cb3de28f6866560fe390cd3d37d937312973b347b66c5c1ffd9
                                                                                                                      • Instruction Fuzzy Hash: FD312A352002068FDB01CF69CA91A6EB3B5FF49315B6000BDED86E7391D738E861CB90
                                                                                                                      APIs
                                                                                                                      • HeapReAlloc.KERNEL32(00000000,00000050,00000020,00000000,70179E5C,00000020,?,00000000,?,70174652,?,?), ref: 7017A0BC
                                                                                                                      • HeapAlloc.KERNEL32(00000008,000041C4,00000020,00000000,70179E5C,00000020,?,00000000,?,70174652,?,?), ref: 7017A0F0
                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 7017A10A
                                                                                                                      • HeapFree.KERNEL32(00000000,?), ref: 7017A121
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2612516469.0000000070171000.00000020.00000001.01000000.00000012.sdmp, Offset: 70170000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70170000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocHeap$FreeVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3499195154-0
                                                                                                                      • Opcode ID: 6df65fe5aa2a2845e7dfc07de6e0ce5a1acb1a29952ee05084447b727256d2ea
                                                                                                                      • Instruction ID: dcad7267427939f5345fee69b680b6ef68d7dcd389abb26e319823d91c5ecb9a
                                                                                                                      • Opcode Fuzzy Hash: 6df65fe5aa2a2845e7dfc07de6e0ce5a1acb1a29952ee05084447b727256d2ea
                                                                                                                      • Instruction Fuzzy Hash: C81100722006019FE721CF6ACC49B1A7BB6FB85720FA06519F166C69F0D3719981CF10
                                                                                                                      APIs
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000002,00000002,704024FE,00000000,00000000,00000000,00000002,771AF360,?,704024FE,00000002,00000002), ref: 70402210
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,?,704024FE,00000002,00000002), ref: 70402226
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000002,00000002,704024FE,00000000,00000000,?,?,704024FE,00000002,00000002), ref: 7040223D
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 7040224E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2614326431.0000000070401000.00000020.00000001.01000000.00000013.sdmp, Offset: 70400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_70400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharGlobalMultiWide$AllocFree
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2244543456-0
                                                                                                                      • Opcode ID: c2a3a2d996219e7c22d045fc70d215411e34f2b94e7b3a19a7e46faba3e40358
                                                                                                                      • Instruction ID: d8c64698585b9dea2c09be0c7992a780618ec55172d55a96c9ca3c6b5b79815d
                                                                                                                      • Opcode Fuzzy Hash: c2a3a2d996219e7c22d045fc70d215411e34f2b94e7b3a19a7e46faba3e40358
                                                                                                                      • Instruction Fuzzy Hash: 62F04472200621BFEB121BA6CD4DF5F7BACEF89750F5040B4FA09EA290D674C804C6A1
                                                                                                                      APIs
                                                                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                                                      • lstrcmpiA.KERNEL32(00000000,00000000), ref: 004060E5
                                                                                                                      • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000E.00000002.2608716707.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_14_2_400000_nsrC311.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 190613189-0
                                                                                                                      • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                                                      • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                                                                                      • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                                                      • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:2.9%
                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                      Signature Coverage:1.5%
                                                                                                                      Total number of Nodes:1463
                                                                                                                      Total number of Limit Nodes:25
Concurrency::details::VirtualProcessorRoot::Subscribe shared_ptr numpunct 88404->88405 88407 e9a509 std::bad_exception::~bad_exception ctype Concurrency::task_continuation_context::task_continuation_context numpunct shared_ptr 88405->88407 88408 ebbd20 60 API calls 2 library calls 88405->88408 88407->88400 88408->88407 88433 eb36d0 88409->88433 88412 ea49e0 88413 ea49e9 88412->88413 88413->88413 88415 ea4a1d _DebugHeapAllocator 88413->88415 88455 eb1320 RaiseException std::_Throw_Cpp_error allocator 88413->88455 88415->88328 88417 eb1393 88416->88417 88419 ea4bad 88416->88419 88417->88419 88456 eb39c0 60 API calls Concurrency::details::ResourceManager::SafeReference 88417->88456 88419->88331 88420 eaaf90 88419->88420 88421 eaaf9f 88420->88421 88423 eaafa8 88420->88423 88457 eb3540 88421->88457 88424 eaafc3 88423->88424 88425 eaaff6 88423->88425 88460 eb35a0 88424->88460 88467 eb2280 RaiseException _DebugHeapAllocator Concurrency::details::ContextBase::GetWorkQueueIdentity Concurrency::task_continuation_context::task_continuation_context 88425->88467 88429 eaaff4 88429->88331 88431 eaafe5 88464 eb3f30 88431->88464 88434 eb36ef 88433->88434 88447 eb372d 88433->88447 88449 1008da4 AcquireSRWLockExclusive ReleaseSRWLockExclusive SleepConditionVariableSRW Concurrency::details::_Condition_variable::_Condition_variable 88434->88449 88436 eb36f9 88438 eb3705 GetProcessHeap 88436->88438 88436->88447 88439 eb3716 Concurrency::details::_Condition_variable::_Condition_variable 88438->88439 88450 1008d13 60 API calls _Error_objects 88439->88450 88440 eb3758 Concurrency::details::_Condition_variable::_Condition_variable 88448 ea4b91 88440->88448 88453 1008d13 60 API calls _Error_objects 88440->88453 88443 eb3720 88451 1008d53 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 88443->88451 88444 eb377d 88454 1008d53 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 88444->88454 88447->88448 88452 1008da4 AcquireSRWLockExclusive 
ReleaseSRWLockExclusive SleepConditionVariableSRW Concurrency::details::_Condition_variable::_Condition_variable 88447->88452 88448->88412 88449->88436 88450->88443 88451->88447 88452->88440 88453->88444 88454->88448 88455->88413 88456->88419 88468 eb6fb0 88457->88468 88459 eb3554 MultiByteToWideChar 88459->88423 88469 eb3bd0 88460->88469 88463 eb16c0 MultiByteToWideChar shared_ptr 88463->88431 88477 eb5100 88464->88477 88466 eb3f43 88466->88429 88467->88429 88468->88459 88470 eb3bdf 88469->88470 88472 eb3be9 Concurrency::details::ContextBase::GetWorkQueueIdentity 88469->88472 88475 eb1320 RaiseException std::_Throw_Cpp_error allocator 88470->88475 88473 eaafcf 88472->88473 88476 eb3b30 60 API calls 2 library calls 88472->88476 88473->88463 88475->88472 88476->88473 88478 eb510d Concurrency::details::ContextBase::GetWorkQueueIdentity 88477->88478 88480 eb5127 Concurrency::details::ContextBase::GetWorkQueueIdentity 88478->88480 88481 eb1320 RaiseException std::_Throw_Cpp_error allocator 88478->88481 88480->88466 88481->88480 88484 ebb98c std::bad_exception::~bad_exception Concurrency::details::VirtualProcessorRoot::Subscribe task ctype 88482->88484 88483 ebb9d8 Concurrency::task_continuation_context::task_continuation_context 88483->88335 88484->88483 88486 ebe190 60 API calls allocator 88484->88486 88486->88483 88488 ea49b1 Concurrency::details::ContextBase::GetWorkQueueIdentity 88487->88488 88491 eb1420 88488->88491 88490 ea49bd _DebugHeapAllocator 88490->88233 88492 eb143e _DebugHeapAllocator 88491->88492 88493 eb145a _DebugHeapAllocator 88492->88493 88495 eb1491 _DebugHeapAllocator 88492->88495 88497 eb6cb0 RaiseException Concurrency::details::_Condition_variable::_Condition_variable 88492->88497 88493->88490 88498 ed4120 88495->88498 88497->88495 88499 ed4133 88498->88499 88503 ed412c ctype 88498->88503 88500 ed4155 88499->88500 88504 ed416f char_traits 88499->88504 88514 100e7e5 12 API calls __dosmaperr 88500->88514 88502 ed415a 88515 100e6e7 60 API calls 
__strnicoll 88502->88515 88503->88493 88504->88503 88506 ed41b5 88504->88506 88510 ed41cc 88504->88510 88516 100e7e5 12 API calls __dosmaperr 88506->88516 88508 ed41ba 88517 100e6e7 60 API calls __strnicoll 88508->88517 88510->88503 88518 100e7e5 12 API calls __dosmaperr 88510->88518 88512 ed41f5 88519 100e6e7 60 API calls __strnicoll 88512->88519 88514->88502 88515->88503 88516->88508 88517->88503 88518->88512 88519->88503 88521 ea5f30 numpunct 60 API calls 88520->88521 88522 eddddf ~ Concurrency::details::ResourceManager::SafeReference shared_ptr 88521->88522 88524 eddf9a Concurrency::details::ResourceManager::SafeReference 88522->88524 88549 edf100 62 API calls Concurrency::details::ResourceManager::SafeReference 88522->88549 88550 edf180 60 API calls Concurrency::details::ResourceManager::SafeReference 88522->88550 88523 ede0bc shared_ptr 88525 edd900 Concurrency::details::ResourceManager::SafeReference 60 API calls 88523->88525 88524->88523 88551 edf180 60 API calls Concurrency::details::ResourceManager::SafeReference 88524->88551 88526 ede0dd 88525->88526 88527 ea9df0 task 60 API calls 88526->88527 88529 ede0ec 88527->88529 88529->88238 88533 eb3650 Concurrency::details::_Condition_variable::_Condition_variable 60 API calls 88532->88533 88534 ea4d81 88533->88534 88535 ea49e0 Concurrency::details::_Condition_variable::_Condition_variable RaiseException 88534->88535 88536 ea4d8a 88535->88536 88537 edd900 88536->88537 88552 eddcb0 88537->88552 88541 eb3650 Concurrency::details::_Condition_variable::_Condition_variable 60 API calls 88540->88541 88542 ea4c71 88541->88542 88543 ea49e0 Concurrency::details::_Condition_variable::_Condition_variable RaiseException 88542->88543 88544 ea4c7a 88543->88544 88545 eb1380 Concurrency::details::ResourceManager::SafeReference 60 API calls 88544->88545 88546 ea4c8d 88545->88546 88547 ea4ca0 88546->88547 88557 eab010 88546->88557 88547->88252 88549->88522 88550->88522 88551->88524 88554 eddcd6 std::bad_exception::~bad_exception 
Concurrency::details::VirtualProcessorRoot::Subscribe ctype 88552->88554 88553 edd90f 88553->88245 88554->88553 88556 ebe2b0 60 API calls allocator 88554->88556 88556->88553 88560 eaaf50 88557->88560 88563 eb5170 88560->88563 88564 eb5180 _DebugHeapAllocator 88563->88564 88567 eb51a0 88564->88567 88568 eb51af 88567->88568 88569 eb51bc 88567->88569 88582 eb2280 RaiseException _DebugHeapAllocator Concurrency::details::ContextBase::GetWorkQueueIdentity Concurrency::task_continuation_context::task_continuation_context 88568->88582 88573 eb51cc Concurrency::details::ContextBase::GetWorkQueueIdentity _DebugHeapAllocator 88569->88573 88583 eb1320 RaiseException std::_Throw_Cpp_error allocator 88569->88583 88572 eaaf63 88572->88547 88574 eb35a0 Concurrency::task_continuation_context::task_continuation_context 60 API calls 88573->88574 88575 eb51f5 88574->88575 88576 eb5200 _DebugHeapAllocator 88575->88576 88577 eb5225 _DebugHeapAllocator 88575->88577 88584 eb1730 60 API calls _wmemcpy_s 88576->88584 88578 ed4120 _memcpy_s 60 API calls 88577->88578 88580 eb5220 88578->88580 88581 eb3f30 Concurrency::task_continuation_context::task_continuation_context RaiseException 88580->88581 88581->88572 88582->88572 88583->88573 88584->88580 88586 ef5f7f _DebugHeapAllocator Concurrency::details::ContextBase::GetWorkQueueIdentity 88585->88586 88587 eb5100 Concurrency::task_continuation_context::task_continuation_context RaiseException 88586->88587 88588 ef5fae RegCloseKey 88587->88588 88588->88273 88590 eaaec1 _DebugHeapAllocator Concurrency::details::ContextBase::GetWorkQueueIdentity 88589->88590 88591 eaaf1a 88590->88591 88593 eaaef2 Concurrency::details::ContextBase::GetWorkQueueIdentity _DebugHeapAllocator 88590->88593 88595 eaaf18 _DebugHeapAllocator Concurrency::details::ContextBase::GetWorkQueueIdentity 88590->88595 88592 eb1420 _DebugHeapAllocator 60 API calls 88591->88592 88592->88595 88594 eb51a0 _DebugHeapAllocator 60 API calls 88593->88594 88594->88595 88595->88277 
88596->88280 88598 eb340e 88597->88598 88599 eb3404 88597->88599 88615 eb3680 88598->88615 88634 eb1320 RaiseException std::_Throw_Cpp_error allocator 88599->88634 88603 eb3431 88619 eb3820 88603->88619 88609 eb35a0 Concurrency::task_continuation_context::task_continuation_context 60 API calls 88610 eb3459 Concurrency::details::ContextBase::GetWorkQueueIdentity 88609->88610 88630 eb3390 88610->88630 88613 eb3f30 Concurrency::task_continuation_context::task_continuation_context RaiseException 88614 eb3488 shared_ptr 88613->88614 88614->88288 88616 eb3699 __vfwprintf_l 88615->88616 88636 10151e7 88616->88636 88620 eb3831 Concurrency::details::ResourceManager::SafeReference 88619->88620 88621 eb3439 88620->88621 88622 eb3650 Concurrency::details::_Condition_variable::_Condition_variable 60 API calls 88620->88622 88623 ea4cf0 88621->88623 88622->88621 88624 ea49e0 Concurrency::details::_Condition_variable::_Condition_variable RaiseException 88623->88624 88625 ea4d18 88624->88625 88626 eb1380 Concurrency::details::ResourceManager::SafeReference 60 API calls 88625->88626 88627 ea4d2b 88626->88627 88628 ea4d3e 88627->88628 88629 eab010 _DebugHeapAllocator 60 API calls 88627->88629 88628->88609 88629->88628 88631 eb33ad __vfwprintf_l 88630->88631 88669 1015228 88631->88669 88634->88598 88635 eb1320 RaiseException std::_Throw_Cpp_error allocator 88635->88603 88637 10151fb __vfwprintf_l 88636->88637 88642 10109ee 88637->88642 88643 1010a1a 88642->88643 88644 1010a3d 88642->88644 88664 100e66a 60 API calls 3 library calls 88643->88664 88644->88643 88647 1010a45 Concurrency::details::ResourceManager::SafeReference 88644->88647 88665 1013530 60 API calls 3 library calls 88647->88665 88648 1010b6f 88651 100e423 88648->88651 88650 1010a32 __vfwprintf_l 88657 10093d4 88650->88657 88652 100e42f 88651->88652 88653 100e446 88652->88653 88667 100e4ce 60 API calls 2 library calls 88652->88667 88655 eb341b 88653->88655 88668 100e4ce 60 API calls 2 library calls 88653->88668 88655->88603 
88655->88635 88658 10093dc 88657->88658 88659 10093dd IsProcessorFeaturePresent 88657->88659 88658->88648 88661 1009abb 88659->88661 88666 1009a7e SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 88661->88666 88663 1009b9e 88663->88648 88664->88650 88665->88650 88666->88663 88667->88653 88668->88655 88670 101523c __vfwprintf_l 88669->88670 88675 1010c10 88670->88675 88673 100e423 __vfwprintf_l 60 API calls 88674 eb33bc 88673->88674 88674->88613 88676 1010c1c 88675->88676 88677 1010c3f 88675->88677 88683 100e66a 60 API calls 3 library calls 88676->88683 88682 1010c66 88677->88682 88684 10106f7 60 API calls 3 library calls 88677->88684 88679 1010c37 88679->88673 88682->88679 88685 100e66a 60 API calls 3 library calls 88682->88685 88683->88679 88684->88682 88685->88679 88686 f0fbc0 89037 f1c600 88686->89037 88688 f0fbda 88689 edecf0 shared_ptr 60 API calls 88688->88689 88690 f0fc11 88689->88690 88691 edecf0 shared_ptr 60 API calls 88690->88691 88692 f0fc32 88691->88692 88693 edecf0 shared_ptr 60 API calls 88692->88693 88694 f0fc53 88693->88694 88695 edecf0 shared_ptr 60 API calls 88694->88695 88696 f0fc74 88695->88696 88697 edecf0 shared_ptr 60 API calls 88696->88697 88698 f0fc95 88697->88698 88699 edecf0 shared_ptr 60 API calls 88698->88699 88700 f0fcb6 88699->88700 88701 edecf0 shared_ptr 60 API calls 88700->88701 88702 f0fcd7 88701->88702 88703 edecf0 shared_ptr 60 API calls 88702->88703 88704 f0fcf8 88703->88704 88705 edecf0 shared_ptr 60 API calls 88704->88705 88706 f0fd19 88705->88706 88707 edecf0 shared_ptr 60 API calls 88706->88707 88708 f0fd3a 88707->88708 88709 edecf0 shared_ptr 60 API calls 88708->88709 88710 f0fd5b 88709->88710 88711 edecf0 shared_ptr 60 API calls 88710->88711 88712 f0fd7c 88711->88712 88713 edecf0 shared_ptr 60 API calls 88712->88713 88714 f0fd9d 88713->88714 88715 ea4b10 _DebugHeapAllocator 60 API calls 88714->88715 88716 f0fdcb 88715->88716 88717 ede500 
Concurrency::details::ResourceManager::SafeReference 62 API calls 88716->88717 88718 f0fdd1 88717->88718 88719 ea4b10 _DebugHeapAllocator 60 API calls 88718->88719 88720 f0fdee 88719->88720 88721 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88720->88721 88722 f0fdf4 88721->88722 88723 f08fa0 63 API calls 88722->88723 88724 f0fe03 88723->88724 88725 eaaf70 _DebugHeapAllocator 60 API calls 88724->88725 88726 f0fe11 shared_ptr 88725->88726 89059 f0f170 88726->89059 88729 ea4b10 _DebugHeapAllocator 60 API calls 88730 f0fe33 88729->88730 88731 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88730->88731 88732 f0fe3f Concurrency::details::ContextBase::GetWorkQueueIdentity 88731->88732 88733 ea4c50 Concurrency::details::ResourceManager::SafeReference 60 API calls 88732->88733 88734 f0fe5b shared_ptr Concurrency::details::ResourceManager::SafeReference 88733->88734 88735 f0ffc0 88734->88735 88736 f0fe79 88734->88736 88738 edecf0 shared_ptr 60 API calls 88735->88738 88737 edecf0 shared_ptr 60 API calls 88736->88737 88739 f0fe9a 88737->88739 88740 f0ffde 88738->88740 88741 ea6530 Concurrency::details::ResourceManager::SafeReference 60 API calls 88739->88741 88743 edecf0 shared_ptr 60 API calls 88740->88743 88742 f0febb 88741->88742 88746 ea4c50 Concurrency::details::ResourceManager::SafeReference 60 API calls 88742->88746 88744 f0ffff 88743->88744 88745 ea4b10 _DebugHeapAllocator 60 API calls 88744->88745 88747 f10014 88745->88747 88748 f0fed6 88746->88748 88749 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88747->88749 88750 ea4b10 _DebugHeapAllocator 60 API calls 88748->88750 88755 f10020 Concurrency::details::ContextBase::GetWorkQueueIdentity 88749->88755 88751 f0fef4 88750->88751 88752 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88751->88752 88753 f0fefa 88752->88753 88754 ea4b10 _DebugHeapAllocator 60 API calls 88753->88754 88756 f0ff17 88754->88756 88758 eab010 
_DebugHeapAllocator 60 API calls 88755->88758 88757 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88756->88757 88759 f0ff1d 88757->88759 88760 f1003e shared_ptr 88758->88760 89223 f0f4e0 69 API calls 7 library calls 88759->89223 89081 eb10b0 88760->89081 88764 ea4b10 _DebugHeapAllocator 60 API calls 88765 f10067 88764->88765 88766 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88765->88766 88767 f10073 88766->88767 89087 eb0f20 88767->89087 88769 f10081 Concurrency::details::ContextBase::GetWorkQueueIdentity shared_ptr 88770 f10096 GetFileAttributesW 88769->88770 88771 f100aa 88770->88771 88813 f101d3 shared_ptr 88770->88813 88771->88813 89091 eac070 88771->89091 88773 edecf0 shared_ptr 60 API calls 88776 f1023f 88773->88776 88774 f100c9 88775 ea4b10 _DebugHeapAllocator 60 API calls 88774->88775 88777 f100de 88775->88777 88779 edecf0 shared_ptr 60 API calls 88776->88779 88778 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88777->88778 88780 f100ea 88778->88780 88782 f10260 88779->88782 88781 eb0f20 _DebugHeapAllocator 60 API calls 88780->88781 88786 f100f6 shared_ptr 88781->88786 88783 ea4b10 _DebugHeapAllocator 60 API calls 88782->88783 88784 f10276 88783->88784 88785 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88784->88785 88787 f10282 Concurrency::details::ContextBase::GetWorkQueueIdentity 88785->88787 88788 edecf0 shared_ptr 60 API calls 88786->88788 88789 f1028c CreateEventW 88787->88789 88791 f10122 88788->88791 88790 f102a9 shared_ptr 88789->88790 88793 1008a99 std::_Facet_Register 14 API calls 88790->88793 88792 ea4b10 _DebugHeapAllocator 60 API calls 88791->88792 88794 f1013a 88792->88794 88796 f102b3 88793->88796 88795 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88794->88795 88797 f10146 88795->88797 88799 ea4b10 _DebugHeapAllocator 60 API calls 88796->88799 88805 f10358 shared_ptr 88796->88805 88798 ea4b10 
_DebugHeapAllocator 60 API calls 88797->88798 88801 f10169 88798->88801 88800 f102db 88799->88800 88802 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88800->88802 89100 f0d7a0 88801->89100 88804 f102e7 88802->88804 88806 ea4b10 _DebugHeapAllocator 60 API calls 88804->88806 89160 edfd80 88805->89160 88808 f10306 88806->88808 88810 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88808->88810 88809 f103d9 88811 f103eb 88809->88811 89172 10157d6 88809->89172 88812 f10312 88810->88812 89188 f0e910 88811->89188 88816 ea4c50 Concurrency::details::ResourceManager::SafeReference 60 API calls 88812->88816 88813->88773 88818 f1032f 88816->88818 89225 edf890 63 API calls 6 library calls 88818->89225 88819 ea4d60 Concurrency::details::_Condition_variable::_Condition_variable 60 API calls 88822 f1041b 88819->88822 88820 f1019d GetFileAttributesW 88820->88813 88837 f1016e Concurrency::details::ContextBase::GetWorkQueueIdentity shared_ptr 88820->88837 88823 ea4c50 Concurrency::details::ResourceManager::SafeReference 60 API calls 88822->88823 89036 f10428 shared_ptr 88822->89036 88825 f104fa 88823->88825 88824 ea4b10 _DebugHeapAllocator 60 API calls 88824->88837 89208 f04d40 88825->89208 88828 f104ff 88829 f1065a 88828->88829 88830 f1050d 88828->88830 88831 f10704 88829->88831 88832 f10667 88829->88832 88833 ea6530 Concurrency::details::ResourceManager::SafeReference 60 API calls 88830->88833 88835 ea4b10 _DebugHeapAllocator 60 API calls 88831->88835 88834 ea6530 Concurrency::details::ResourceManager::SafeReference 60 API calls 88832->88834 88836 f1052b 88833->88836 88838 f10685 88834->88838 88839 f10729 88835->88839 88841 ea4b10 _DebugHeapAllocator 60 API calls 88836->88841 88837->88813 88837->88820 88837->88824 89129 f0dc60 88837->89129 89224 ea40c0 10 API calls 88837->89224 88844 ea4b10 _DebugHeapAllocator 60 API calls 88838->88844 88840 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88839->88840 88854 
f10735 Concurrency::details::ContextBase::GetWorkQueueIdentity allocator shared_ptr 88840->88854 88843 f1054e 88841->88843 88845 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88843->88845 88846 f106a8 88844->88846 88848 f10554 88845->88848 88847 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88846->88847 88849 f106ae 88847->88849 88850 ea4b10 _DebugHeapAllocator 60 API calls 88848->88850 88851 ea4b10 _DebugHeapAllocator 60 API calls 88849->88851 88852 f10571 88850->88852 88853 f106cb 88851->88853 88855 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88852->88855 88856 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88853->88856 88862 f10935 88854->88862 88863 f10795 88854->88863 88857 f10577 88855->88857 88858 f106d1 88856->88858 88859 ea4b10 _DebugHeapAllocator 60 API calls 88857->88859 88860 ea4b10 _DebugHeapAllocator 60 API calls 88858->88860 88861 f10594 88859->88861 88864 f106ee 88860->88864 88866 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88861->88866 88867 ea4c50 Concurrency::details::ResourceManager::SafeReference 60 API calls 88862->88867 88865 ea4d60 Concurrency::details::_Condition_variable::_Condition_variable 60 API calls 88863->88865 88868 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88864->88868 88871 f1079d 88865->88871 88869 f1059a 88866->88869 88870 f10945 88867->88870 88872 f106f4 88868->88872 89226 f0f4e0 69 API calls 7 library calls 88869->89226 88875 ea4c50 Concurrency::details::ResourceManager::SafeReference 60 API calls 88870->88875 88873 ea4c50 Concurrency::details::ResourceManager::SafeReference 60 API calls 88871->88873 89227 f0f4e0 69 API calls 7 library calls 88872->89227 88878 f107b0 88873->88878 88877 f10955 88875->88877 88879 ea4b10 _DebugHeapAllocator 60 API calls 88877->88879 88881 f04d40 Concurrency::details::ResourceManager::SafeReference 62 API calls 88878->88881 88882 
f10967 88879->88882 88880 f106fc 88884 f10a33 LocalFree 88880->88884 88883 f107b5 88881->88883 88886 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88882->88886 88885 ea4c50 Concurrency::details::ResourceManager::SafeReference 60 API calls 88883->88885 88887 ea4b10 _DebugHeapAllocator 60 API calls 88884->88887 88889 f107d1 88885->88889 88888 f10973 88886->88888 88890 f10a4f 88887->88890 88892 ea4b10 _DebugHeapAllocator 60 API calls 88888->88892 88891 f04d40 Concurrency::details::ResourceManager::SafeReference 62 API calls 88889->88891 88893 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88890->88893 88895 f107d6 88891->88895 88894 f1098e 88892->88894 88896 f10a5b 88893->88896 88898 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88894->88898 88897 eb3360 Concurrency::details::ResourceManager::SafeReference 60 API calls 88895->88897 88899 ea4b70 shared_ptr 60 API calls 88896->88899 88907 f107e8 Concurrency::details::ContextBase::GetWorkQueueIdentity allocator 88897->88907 88900 f1099a 88898->88900 88901 f10a74 88899->88901 88902 ea4b10 _DebugHeapAllocator 60 API calls 88900->88902 88903 ea4b10 _DebugHeapAllocator 60 API calls 88901->88903 88905 f109b5 88902->88905 88904 f10a8d 88903->88904 88906 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88904->88906 88908 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88905->88908 88909 f10a99 88906->88909 88914 ea4c50 Concurrency::details::ResourceManager::SafeReference 60 API calls 88907->88914 88945 f108e7 shared_ptr 88907->88945 88910 f109c1 88908->88910 89214 ed72b0 88909->89214 89229 f0f3b0 68 API calls 4 library calls 88910->89229 88913 f10aa9 88915 ed72b0 60 API calls 88913->88915 88916 f1083a 88914->88916 88927 f10ac9 Concurrency::details::ContextBase::GetWorkQueueIdentity shared_ptr 88915->88927 88917 ea4c50 Concurrency::details::ResourceManager::SafeReference 60 API calls 88916->88917 88918 
f1084a 88917->88918 88919 ea4b10 _DebugHeapAllocator 60 API calls 88918->88919 88920 f1085c 88919->88920 88921 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88920->88921 88922 f10868 88921->88922 88923 ea4b10 _DebugHeapAllocator 60 API calls 88922->88923 88924 f10883 88923->88924 88925 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88924->88925 88926 f1088f 88925->88926 88929 ea4b10 _DebugHeapAllocator 60 API calls 88926->88929 88928 f10b00 OpenEventW 88927->88928 88930 f10b29 88928->88930 88931 f108aa 88929->88931 88933 edecf0 shared_ptr 60 API calls 88930->88933 88932 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88931->88932 88934 f108b6 88932->88934 88935 f10b35 88933->88935 89228 f0f3b0 68 API calls 4 library calls 88934->89228 88937 f10cd9 Concurrency::details::ContextBase::GetWorkQueueIdentity 88935->88937 88938 f10b52 88935->88938 88939 f10ce1 CreateEventW 88937->88939 88941 edecf0 shared_ptr 60 API calls 88938->88941 88940 f10d09 88939->88940 88944 edecf0 shared_ptr 60 API calls 88940->88944 88943 f10b73 88941->88943 88942 f0ff25 shared_ptr 88942->89036 88946 ea4b10 _DebugHeapAllocator 60 API calls 88943->88946 88947 f10d12 88944->88947 88945->88884 88950 f10b8b 88946->88950 88948 f10d22 88947->88948 88949 f10e58 88947->88949 88951 ea4b10 _DebugHeapAllocator 60 API calls 88948->88951 88952 ea4b10 _DebugHeapAllocator 60 API calls 88949->88952 88953 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88950->88953 88954 f10d4a 88951->88954 88955 f10e83 88952->88955 88956 f10b97 Concurrency::details::ContextBase::GetWorkQueueIdentity 88953->88956 88957 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88954->88957 88958 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88955->88958 88961 ea4b10 _DebugHeapAllocator 60 API calls 88956->88961 88959 f10d50 88957->88959 88960 f10e89 88958->88960 88962 ea4b10 
_DebugHeapAllocator 60 API calls 88959->88962 88963 ea4b10 _DebugHeapAllocator 60 API calls 88960->88963 88964 f10bbc 88961->88964 88965 f10d72 88962->88965 88966 f10eae 88963->88966 88967 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88964->88967 88968 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88965->88968 88969 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88966->88969 88970 f10bc8 Concurrency::details::ContextBase::GetWorkQueueIdentity 88967->88970 88971 f10d78 88968->88971 88972 f10eb4 88969->88972 88975 f10bd2 MessageBoxW 88970->88975 88973 f08ee0 Concurrency::details::ResourceManager::SafeReference 4 API calls 88971->88973 88974 f08ee0 Concurrency::details::ResourceManager::SafeReference 4 API calls 88972->88974 88976 f10d80 88973->88976 88977 f10ebc 88974->88977 88975->89036 88978 f10dfb 88976->88978 88979 f10d8a 88976->88979 88980 f10ec6 88977->88980 88989 f10e53 shared_ptr 88977->88989 88981 ea4b10 _DebugHeapAllocator 60 API calls 88978->88981 88982 ea4b10 _DebugHeapAllocator 60 API calls 88979->88982 88983 ea4b10 _DebugHeapAllocator 60 API calls 88980->88983 88984 f10e1c 88981->88984 88985 f10dbd 88982->88985 88986 f10ee7 88983->88986 88988 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88984->88988 88990 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88985->88990 88987 ede500 Concurrency::details::ResourceManager::SafeReference 62 API calls 88986->88987 88991 f10eed 88987->88991 88992 f10e22 88988->88992 88993 f10f34 GdiplusStartup 88989->88993 88994 f10dc3 88990->88994 88996 ea4b10 _DebugHeapAllocator 60 API calls 88991->88996 88997 ea4b10 _DebugHeapAllocator 60 API calls 88992->88997 88998 1008a99 std::_Facet_Register 14 API calls 88993->88998 88995 ea4b10 _DebugHeapAllocator 60 API calls 88994->88995 88999 f10de8 88995->88999 89000 f10f0a 88996->89000 89001 f10e42 88997->89001 89002 f10f53 88998->89002 89003 ede500 

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • GetCurrentProcessId.KERNEL32(0104954C), ref: 00F1C65E
                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00F1C66B
                                                                                                                      • Process32FirstW.KERNEL32(000000FF,0000022C), ref: 00F1C6A4
                                                                                                                      • Process32NextW.KERNEL32(000000FF,0000022C), ref: 00F1C6D8
                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 00F1C6E5
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F1C704
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F1C748
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap$Process32$CloseCreateCurrentFirstHandleNextProcessSnapshotToolhelp32task
                                                                                                                      • String ID: unknown
                                                                                                                      • API String ID: 4192856573-2904991687
                                                                                                                      • Opcode ID: d0f71ed026a3a02f07679d0f053370db4a640126f1a23be7924fd77b9a9016be
                                                                                                                      • Instruction ID: 51bc8d2a2ece730bdc71a85359ef468f18c9732a519b3007df7fbf4e2d4cd4dd
                                                                                                                      • Opcode Fuzzy Hash: d0f71ed026a3a02f07679d0f053370db4a640126f1a23be7924fd77b9a9016be
                                                                                                                      • Instruction Fuzzy Hash: B14171B1D002099BCB04EFA4DD96BEEB7B4AF58310F104558E515BB2C1EB746A44DBE1

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • FindFirstFileExW.KERNEL32(00000000,00000001,?,00000000,00000000,00000000), ref: 00F0DD1A
                                                                                                                      • GetLastError.KERNEL32 ref: 00F0DD29
                                                                                                                        • Part of subcall function 01008DA4: AcquireSRWLockExclusive.KERNEL32(010915F8,?,?,?,00EB3758,01087B38,?,00EB366D,00000000,01034060,000000FF,?,00EA4B91,010879C8,00000000,0103470D), ref: 01008DAF
                                                                                                                        • Part of subcall function 01008DA4: ReleaseSRWLockExclusive.KERNEL32(010915F8,?,?,?,00EB3758,01087B38,?,00EB366D,00000000,01034060,000000FF,?,00EA4B91,010879C8,00000000,0103470D), ref: 01008DE9
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0DE35
                                                                                                                      • DeleteFileW.KERNEL32(00000000,?,?,?,?,?,000000FF), ref: 00F0DE4D
                                                                                                                      • FindNextFileW.KERNELBASE(000000FF,?,000000FF), ref: 00F0DEB8
                                                                                                                      • GetLastError.KERNEL32 ref: 00F0DEC7
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                        • Part of subcall function 01008D53: AcquireSRWLockExclusive.KERNEL32(010915F8,?,?,00EB378A,01087B38,01087B0C,00000000,?,000000FF,?,?,?,?,?,?), ref: 01008D5D
                                                                                                                        • Part of subcall function 01008D53: ReleaseSRWLockExclusive.KERNEL32(010915F8,?,?,00EB378A,01087B38,01087B0C,00000000,?,000000FF,?,?,?,?,?,?), ref: 01008D90
                                                                                                                        • Part of subcall function 01008D53: WakeAllConditionVariable.KERNEL32(010915F4,?,?,00EB378A,01087B38,01087B0C,00000000,?,000000FF,?,?,?,?,?,?), ref: 01008D9B
                                                                                                                      • RemoveDirectoryW.KERNEL32(00000000), ref: 00F0DF2B
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ExclusiveLock$File$AcquireAllocatorDebugErrorFindHeapLastRelease$Base::Concurrency::details::ConditionContextDeleteDirectoryFirstIdentityNextQueueRemoveVariableWakeWork
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1143256969-0
                                                                                                                      • Opcode ID: b77d4b7565b7c59cccd05d51a9efe61e05c59beaacc20790de81e810d29a1d16
                                                                                                                      • Instruction ID: 5481e5bd6cd26d22d6199feac6287deee2bd703ee3fb82d98dc0fd45594fe312
                                                                                                                      • Opcode Fuzzy Hash: b77d4b7565b7c59cccd05d51a9efe61e05c59beaacc20790de81e810d29a1d16
                                                                                                                      • Instruction Fuzzy Hash: 65A19070C01249DFDB14EBE4C949BEEBBB4AF25310F208159E5527B2C1DB742B45EBA1

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00F1C600: GetCurrentProcessId.KERNEL32(0104954C), ref: 00F1C65E
                                                                                                                        • Part of subcall function 00F1C600: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00F1C66B
                                                                                                                        • Part of subcall function 00F1C600: Process32FirstW.KERNEL32(000000FF,0000022C), ref: 00F1C6A4
                                                                                                                        • Part of subcall function 00F1C600: CloseHandle.KERNEL32(000000FF), ref: 00F1C6E5
                                                                                                                        • Part of subcall function 00F1C600: _DebugHeapAllocator.LIBCPMTD ref: 00F1C704
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0FDC6
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0FDE9
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                        • Part of subcall function 00F08FA0: RegCreateKeyW.ADVAPI32(00000000,00000000,000000FE), ref: 00F08FED
                                                                                                                        • Part of subcall function 00F08FA0: RegQueryValueExW.KERNEL32(?,00001000,00000000,?,00001000,00001000,00001000), ref: 00F09031
                                                                                                                        • Part of subcall function 00F08FA0: RegCloseKey.KERNEL32(000000FF,000000FF), ref: 00F09045
                                                                                                                        • Part of subcall function 00F08FA0: _DebugHeapAllocator.LIBCPMTD ref: 00F09052
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0FE0C
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0FE2E
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE7A2
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0FEEF
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0FF12
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F1000F
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F10039
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F10062
                                                                                                                      • GetFileAttributesW.KERNEL32(00000000,00000000,0000005C,00000000), ref: 00F10097
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F100D9
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap$task$CloseCreate$AttributesBase::Concurrency::details::ContextCurrentFileFirstHandleIdentityProcessProcess32QueryQueueSnapshotToolhelp32ValueWork
                                                                                                                      • String ID: /pixel.gif$/restart$19882742-CC56-1A59-9779-FB8CBFA1E29D$APPDATA$Local$PC App Store$PC App Store is up and running, click on the Start Button$PCAppStore$RES_COUNT$Temp$USERPROFILE$Version$active$channel$default$download$id=-1$id=-2$id=-3$pcapp.store$product$showM$wgetenv_error
                                                                                                                      • API String ID: 2253028642-173553949
                                                                                                                      • Opcode ID: 10f16e0f7d688ed2c6aaaf7a6bb1d738d56e12a183ad2f1b4cf4b4b3e7e52136
                                                                                                                      • Instruction ID: a85dfa3b33f72ab4f7503f593a6e1a7bc0b190078a018406107282f8d469a83e
                                                                                                                      • Opcode Fuzzy Hash: 10f16e0f7d688ed2c6aaaf7a6bb1d738d56e12a183ad2f1b4cf4b4b3e7e52136
                                                                                                                      • Instruction Fuzzy Hash: ABC270B1D112189BCB14FBA4DC56BEDB7B9AF59300F404599F4097B282EF706A44CFA2

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GetFileVersionInfoSizeW.VERSION(00000000,?), ref: 00F1C476
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F1C499
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F1C48C
                                                                                                                        • Part of subcall function 00EAB010: _DebugHeapAllocator.LIBCPMTD ref: 00EAB01E
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?), ref: 00F1C4AB
                                                                                                                      • GetFileVersionInfoW.VERSION(00000000,00000000,00000000,00000000), ref: 00F1C4D8
                                                                                                                      • VerQueryValueW.VERSION(00000000,01049298,?,?,00000000,00000000,00000000,00000000), ref: 00F1C4EE
                                                                                                                      • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,01049298,?,?,00000000,00000000,00000000,00000000), ref: 00F1C51D
                                                                                                                      • wsprintfW.USER32 ref: 00F1C556
                                                                                                                      • wsprintfW.USER32 ref: 00F1C58B
                                                                                                                      • VerQueryValueW.VERSION(00000000,?,00F1C14A,?), ref: 00F1C5A7
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F1C5B7
                                                                                                                      • VerQueryValueW.VERSION(00000000,?,?,?,00000000,?,00F1C14A,?), ref: 00F1C5CF
                                                                                                                      Strings
                                                                                                                      • \StringFileInfo\%04x%04x\FileDescription, xrefs: 00F1C54A
                                                                                                                      • \StringFileInfo\%04x%04x\ProductVersion, xrefs: 00F1C57F
                                                                                                                      • \VarFileInfo\Translation, xrefs: 00F1C514
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeapQueryValue$FileInfoVersionwsprintf$AllocGlobalSize
                                                                                                                      • String ID: \StringFileInfo\%04x%04x\FileDescription$\StringFileInfo\%04x%04x\ProductVersion$\VarFileInfo\Translation
                                                                                                                      • API String ID: 3856836999-227869778
                                                                                                                      • Opcode ID: c4fd742dc2b59926f8d3c7917890d6289790475c7690ddaeea12ede3089ab973
                                                                                                                      • Instruction ID: 54ffc994752b2ab906c25017f2334f2418afa1d69b839c8ad07fbcf52e198d16
                                                                                                                      • Opcode Fuzzy Hash: c4fd742dc2b59926f8d3c7917890d6289790475c7690ddaeea12ede3089ab973
                                                                                                                      • Instruction Fuzzy Hash: 214151B1900218ABDB14DBD4C995FFFB7B9EF48300F04856CF515AB185DB38AA44DB60

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • CoInitializeEx.OLE32(00000000,00000000), ref: 00F0EB12
                                                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00F0EB74
                                                                                                                      • allocator.LIBCPMTD ref: 00F0EBC0
                                                                                                                      • CoCreateInstance.OLE32(01052824,00000000,00000001,01052814,00000000,?), ref: 00F0EBDB
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Initialize$CreateInstanceSecurityallocator
                                                                                                                      • String ID: ROOT\CIMV2$SELECT * FROM Win32_ComputerSystemProduct$UUID$WQL
                                                                                                                      • API String ID: 179130159-4235021490
                                                                                                                      • Opcode ID: 1d6c9545b6377361f458cf9b0dd93f60b1bc0df0ae1f46be2f23f5dcdf6657f8
                                                                                                                      • Instruction ID: 9e04b2e38c8b3eda8f074f880ee920f337f752da22e83faa01af900f30dd186a
                                                                                                                      • Opcode Fuzzy Hash: 1d6c9545b6377361f458cf9b0dd93f60b1bc0df0ae1f46be2f23f5dcdf6657f8
                                                                                                                      • Instruction Fuzzy Hash: 66E15970D00248DFDB14EBE4CC55BEEBBB0AF19304F208599E151BB2D1DB782A45EBA1

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00F0EAF0: CoInitializeEx.OLE32(00000000,00000000), ref: 00F0EB12
                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000002,00000000), ref: 00F0F2E8
                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,00000200), ref: 00F0F346
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00F0F358
                                                                                                                      • wsprintfW.USER32 ref: 00F0F378
                                                                                                                      • task.LIBCPMTD ref: 00F0F388
                                                                                                                      • task.LIBCPMTD ref: 00F0F39A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$CloseInitializeOpenQueryValuewsprintf
                                                                                                                      • String ID: %wsX$00000000-0000-0000-0000-000000000000$03000200-0400-0500-0006-000700080009$12345678-1234-5678-90AB-CDDEEFAABBCC$19882742-CC56-1A59-9779-FB8CBFA1E29D$FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF$MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                      • API String ID: 1254819813-2505873859
                                                                                                                      • Opcode ID: 070012186f34595d0e0e8b228acccda3ebdba3fc524f1b8ba92e9d5883b8cc5b
                                                                                                                      • Instruction ID: 73c91a94b598721ab56e7c4fe0cd4361755e294b288e872a582f74bebaffeec7
                                                                                                                      • Opcode Fuzzy Hash: 070012186f34595d0e0e8b228acccda3ebdba3fc524f1b8ba92e9d5883b8cc5b
                                                                                                                      • Instruction Fuzzy Hash: BB5173B1D00208ABDB04FBE4DD86BDDB7B5AF19700F14452DF445BB282DB346A05CBA5

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • WinHttpConnect.WINHTTP(?,?,000001BB,00000000), ref: 00EE0947
                                                                                                                      • GetTickCount64.KERNEL32 ref: 00EE0972
                                                                                                                      • WinHttpOpenRequest.WINHTTP(00000000,GET,00000000,00000000,00000000,00000000,00800000), ref: 00EE0C0F
                                                                                                                      • WinHttpSetTimeouts.WINHTTP(00000000,00002710,00002710,00002710,00002710), ref: 00EE0C36
                                                                                                                      • WinHttpCloseHandle.WINHTTP(00000000), ref: 00EE0C4A
                                                                                                                      • WinHttpCloseHandle.WINHTTP(00000000), ref: 00EE0C5A
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00EE0CAC
                                                                                                                      • WinHttpReceiveResponse.WINHTTP(00000000,00000000), ref: 00EE0CC1
                                                                                                                      • WinHttpCloseHandle.WINHTTP(00000000), ref: 00EE0CD4
                                                                                                                      • WinHttpCloseHandle.WINHTTP(00000000), ref: 00EE0CE4
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Http$CloseHandle$Request$Base::Concurrency::details::ConnectContextCount64IdentityOpenQueueReceiveResponseSendTickTimeoutsWork
                                                                                                                      • String ID: GET
                                                                                                                      • API String ID: 2109365302-1805413626
                                                                                                                      • Opcode ID: a533eaf7fe0af110e600e3c19caccc46d8d46996efdfc75ebd655da6844abe9e
                                                                                                                      • Instruction ID: ff733ec9d81ca48e8121933a780a2bea162537d27c7380386251794bb07a7bd9
                                                                                                                      • Opcode Fuzzy Hash: a533eaf7fe0af110e600e3c19caccc46d8d46996efdfc75ebd655da6844abe9e
                                                                                                                      • Instruction Fuzzy Hash: 97E182B4E00219DFDB24CF99D984BAEBBB1BF48300F208199E549B7385DB746A81CF54

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0E72D
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0E758
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                        • Part of subcall function 00F08FA0: RegCreateKeyW.ADVAPI32(00000000,00000000,000000FE), ref: 00F08FED
                                                                                                                        • Part of subcall function 00F08FA0: RegQueryValueExW.KERNEL32(?,00001000,00000000,?,00001000,00001000,00001000), ref: 00F09031
                                                                                                                        • Part of subcall function 00F08FA0: RegCloseKey.KERNEL32(000000FF,000000FF), ref: 00F09045
                                                                                                                        • Part of subcall function 00F08FA0: _DebugHeapAllocator.LIBCPMTD ref: 00F09052
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0E790
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0E7CC
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE7A2
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0E804
                                                                                                                        • Part of subcall function 00F08EE0: RegCreateKeyW.ADVAPI32(?,00000000,?), ref: 00F08EFE
                                                                                                                        • Part of subcall function 00F08EE0: RegQueryValueExW.KERNEL32(?,?,00000000,00000000,00000004,00000004), ref: 00F08F2D
                                                                                                                        • Part of subcall function 00F08EE0: RegCloseKey.KERNEL32(?), ref: 00F08F3B
                                                                                                                      Strings
                                                                                                                      • SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00F0E6D3
                                                                                                                      • %lu, xrefs: 00F0E875
                                                                                                                      • SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, xrefs: 00F0E6F8
                                                                                                                      • BuildNumber, xrefs: 00F0E6AE
                                                                                                                      • CurrentBuild, xrefs: 00F0E686
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$CloseCreateQueryValue$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: %lu$BuildNumber$CurrentBuild$SOFTWARE\Microsoft\Windows NT\CurrentVersion$SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
                                                                                                                      • API String ID: 3525101668-1501554625
                                                                                                                      • Opcode ID: c651fd3188400c12678ceeef22560ff7cb520cbffa95ded3ee9cfe7135c3592c
                                                                                                                      • Instruction ID: c7d4df2e987b51e370cd5f63d1634ed4cb585fbaed7d7064ab1133017f11fee0
                                                                                                                      • Opcode Fuzzy Hash: c651fd3188400c12678ceeef22560ff7cb520cbffa95ded3ee9cfe7135c3592c
                                                                                                                      • Instruction Fuzzy Hash: CE816EB1D11248EACB04EBE8D9567EEBBF4AF59300F14855DE4447B382DB742B04DBA2

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • CoInitializeEx.OLE32(00000000,00000000), ref: 00FD9A1C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00FD9A30
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00FD9B3B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap$Initialize
                                                                                                                      • String ID: Shell_TrayWnd$Taskbar
                                                                                                                      • API String ID: 648477747-1897506974
                                                                                                                      • Opcode ID: 16b68fbe3a52c57394ef829beabf21d05b18afd1aedbf7c4e6511421073f69a1
                                                                                                                      • Instruction ID: 15207e22f8407de021afb208c4c527f822cf1e751efe911a19b87982943185ce
                                                                                                                      • Opcode Fuzzy Hash: 16b68fbe3a52c57394ef829beabf21d05b18afd1aedbf7c4e6511421073f69a1
                                                                                                                      • Instruction Fuzzy Hash: B3224871D00219DFDB14EFA4C855BEEBBB1BF59300F148199E00ABB292DB746A45CF91

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,00000000), ref: 00F0EA1E
                                                                                                                      • RegQueryValueExW.KERNEL32(?,?,00000000,00000000,00000000,00000004), ref: 00F0EA89
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00F0EAAA
                                                                                                                      • task.LIBCPMTD ref: 00F0EAC0
                                                                                                                      • task.LIBCPMTD ref: 00F0EAD2
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$Base::CloseConcurrency::details::ContextIdentityOpenQueryQueueValueWork
                                                                                                                      • String ID: Software\PCAppStore$status
                                                                                                                      • API String ID: 2895640995-3794422696
                                                                                                                      • Opcode ID: c6b2cf2aa3ef9710fa2b97c9fb7bd41656b59a3fe1d83b50eb8c7289203c8bee
                                                                                                                      • Instruction ID: 28d10b01c1654b153bed5e67541f6182f2c081fd3f1ef0f11e71100b9098b142
                                                                                                                      • Opcode Fuzzy Hash: c6b2cf2aa3ef9710fa2b97c9fb7bd41656b59a3fe1d83b50eb8c7289203c8bee
                                                                                                                      • Instruction Fuzzy Hash: 925127B1D00208DBCB14EFE4D986BEDFBB4AF49300F10855DE515BB286DB342A04CBA1

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • K32EnumProcesses.KERNEL32(00000000,?,?), ref: 00F1BF82
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: EnumProcesses
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 84517404-0
                                                                                                                      • Opcode ID: 1e3dc178bf3a1be5197e11c7ade434669393a7a62316a4b1ca30f1beac3fc554
                                                                                                                      • Instruction ID: bb427b00e2d36c80906a1f93b29b09e6ec9124c0b4810c3d828b268589c26f5f
                                                                                                                      • Opcode Fuzzy Hash: 1e3dc178bf3a1be5197e11c7ade434669393a7a62316a4b1ca30f1beac3fc554
                                                                                                                      • Instruction Fuzzy Hash: A5B15EB1D00208EFDB14DBE4D991BEEBBB4AF59300F10815DF606BB285DB346A45DBA1

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • task.LIBCPMTD ref: 00EDE8D0
                                                                                                                      • task.LIBCPMTD ref: 00EDE8DF
                                                                                                                        • Part of subcall function 00EDD7C0: _DebugHeapAllocator.LIBCPMTD ref: 00EDD7CA
                                                                                                                        • Part of subcall function 00EDD980: _DebugHeapAllocator.LIBCPMTD ref: 00EDD998
                                                                                                                        • Part of subcall function 00EDF1C0: task.LIBCPMTD ref: 00EDF26C
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • task.LIBCPMTD ref: 00EDEA16
                                                                                                                      • task.LIBCPMTD ref: 00EDEA25
                                                                                                                      • task.LIBCPMTD ref: 00EDEA34
                                                                                                                      • task.LIBCPMTD ref: 00EDEA4C
                                                                                                                      • task.LIBCPMTD ref: 00EDEA5B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3843943072-0
                                                                                                                      • Opcode ID: 569dca8a6146d2e44f3656026840d4605cd30ea62370de8c3b084ed1c976cf27
                                                                                                                      • Instruction ID: dfffcdaad3dd170b248f0cb896db210e4cc22917fb445e22d4eea3def1c95423
                                                                                                                      • Opcode Fuzzy Hash: 569dca8a6146d2e44f3656026840d4605cd30ea62370de8c3b084ed1c976cf27
                                                                                                                      • Instruction Fuzzy Hash: FA811971D00258DFCB04EF94C991AEEB7F5BF59300F14919AE11ABB292DB302E49CB91

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0D823
                                                                                                                      • CreateDirectoryW.KERNEL32(00000000,00000000,?,0000005C,?,01064038,?,?,00000002), ref: 00F0D89A
                                                                                                                      • GetLastError.KERNEL32(?,00000002), ref: 00F0D8A8
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0D8F1
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap$CreateDirectoryErrorLast
                                                                                                                      • String ID: CreateDirectory_failed$invalid_parameters
                                                                                                                      • API String ID: 470482376-4003710211

                                                                                                                      APIs
                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,?,00000000,?,?), ref: 00F1C09F
                                                                                                                      • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,00000000,?,00000104,00000001,00000104), ref: 00F1C0F4
                                                                                                                      • PathFindFileNameW.SHLWAPI(00000000), ref: 00F1C10E
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                        • Part of subcall function 00F1C460: GetFileVersionInfoSizeW.VERSION(00000000,?), ref: 00F1C476
                                                                                                                        • Part of subcall function 00F1C460: _DebugHeapAllocator.LIBCPMTD ref: 00F1C48C
                                                                                                                        • Part of subcall function 00F1C460: _DebugHeapAllocator.LIBCPMTD ref: 00F1C499
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F1C154
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F1C16E
                                                                                                                        • Part of subcall function 00F1BB00: _DebugHeapAllocator.LIBCPMTD ref: 00F1BB2B
                                                                                                                        • Part of subcall function 00F1BB00: _DebugHeapAllocator.LIBCPMTD ref: 00F1BB50
                                                                                                                        • Part of subcall function 00F1BB00: _DebugHeapAllocator.LIBCPMTD ref: 00F1BB69
                                                                                                                        • Part of subcall function 00F1BB00: _DebugHeapAllocator.LIBCPMTD ref: 00F1BB82
                                                                                                                        • Part of subcall function 00F1BB00: _DebugHeapAllocator.LIBCPMTD ref: 00F1BB9B
                                                                                                                      • FindCloseChangeNotification.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00F1C235
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap$FileFindNameProcess$ChangeCloseFullImageInfoNotificationOpenPathQuerySizeVersion
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3119194949-0

                                                                                                                      APIs
                                                                                                                      • RegCreateKeyW.ADVAPI32(00000000,00000000,000000FE), ref: 00F08FED
                                                                                                                      • RegQueryValueExW.KERNEL32(?,00001000,00000000,?,00001000,00001000,00001000), ref: 00F09031
                                                                                                                      • RegCloseKey.KERNEL32(000000FF,000000FF), ref: 00F09045
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F09052
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorBase::CloseConcurrency::details::ContextCreateDebugHeapIdentityQueryQueueValueWork
                                                                                                                      • String ID: a$
                                                                                                                      • API String ID: 2426126875-957578066
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDDA20: task.LIBCPMTD ref: 00EDDAA1
                                                                                                                        • Part of subcall function 00EDF1C0: task.LIBCPMTD ref: 00EDF26C
                                                                                                                      • task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDE100: Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00EDE278
                                                                                                                      • task.LIBCPMTD ref: 00EDEE62
                                                                                                                      • task.LIBCPMTD ref: 00EDEE71
                                                                                                                      • task.LIBCPMTD ref: 00EDEE7D
                                                                                                                      • task.LIBCPMTD ref: 00EDEE8C
                                                                                                                        • Part of subcall function 00EDD7C0: _DebugHeapAllocator.LIBCPMTD ref: 00EDD7CA
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorConcurrency::task_continuation_context::task_continuation_contextDebugHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1916955639-0
                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FF6878
                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FF6882
                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FF6929
                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00FF6934
                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FF6941
                                                                                                                      Similarity
                                                                                                                      • API ID: H_prolog3Lockitstd::_$Concurrency::cancel_current_taskLockit::_Lockit::~_
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 845066630-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EDFDD8
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • WinHttpOpen.WINHTTP(00000000,00000000,00000000), ref: 00EDFDFB
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • WinHttpSetTimeouts.WINHTTP(00000000,00002710,00002710,00002710,00002710), ref: 00EDFE5D
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: task$Http$AllocatorBase::Concurrency::details::ContextDebugHeapIdentityOpenQueueTimeoutsWork
                                                                                                                      • String ID: WinHTTP 1.0
                                                                                                                      • API String ID: 4077641921-2851767304
                                                                                                                      • Opcode ID: 57f97d065c9a3f952cb00fe20bf93505f9616f55deeefa78f6271f6926ce197a
                                                                                                                      • Instruction ID: f6e94fc803e06c5751c653715bd894687679d7d90dca46cecbff1f94dce6b5ba
                                                                                                                      • Opcode Fuzzy Hash: 57f97d065c9a3f952cb00fe20bf93505f9616f55deeefa78f6271f6926ce197a
                                                                                                                      • Instruction Fuzzy Hash: 1A311CB0D002099BCB14EF94DD8ABEEB7B5FB48710F104629E915BB3C1DB756A01CBA4
                                                                                                                      APIs
                                                                                                                      • CoInitializeEx.OLE32(00000000,00000000,?,00000000,01034BAD,000000FF,?,00EA73C8,01041B98,?,?,?), ref: 00EA7BD9
                                                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00EA73C8,01041B98,?,?,?), ref: 00EA7BF1
                                                                                                                      • CoCreateInstance.OLE32(01052824,00000000,00000001,01052814,?,?,00EA73C8,01041B98,?,?,?), ref: 00EA7C0C
                                                                                                                      • Icmp6CreateFile.IPHLPAPI ref: 00EA7C12
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateInitialize$FileIcmp6InstanceSecurity
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2581660068-0
                                                                                                                      • Opcode ID: fdb49980965d2a4f4005143c9b96e5d9b05fbb074c68fc088d6f4a10aac82cd6
                                                                                                                      • Instruction ID: 6f26d5df0f2f4b89916d5c83c41814598d93979e29c028c6ef601e1fae6b8bd2
                                                                                                                      • Opcode Fuzzy Hash: fdb49980965d2a4f4005143c9b96e5d9b05fbb074c68fc088d6f4a10aac82cd6
                                                                                                                      • Instruction Fuzzy Hash: CE21E6B4A4421AABDB24DF84CD56BAEB7B5FB49B14F100648F5217F3C1CBB56800CB94
                                                                                                                      APIs
                                                                                                                      • RegCreateKeyW.ADVAPI32(?,00000000,?), ref: 00F08EFE
                                                                                                                      • RegQueryValueExW.KERNEL32(?,?,00000000,00000000,00000004,00000004), ref: 00F08F2D
                                                                                                                      • RegCloseKey.KERNEL32(?), ref: 00F08F3B
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • RegCloseKey.KERNEL32(?), ref: 00F08F5E
                                                                                                                      Similarity
                                                                                                                      • API ID: Close$Base::Concurrency::details::ContextCreateIdentityQueryQueueValueWork
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 46399320-0
                                                                                                                      • Opcode ID: 1568b2a25b01ceab6a48ed2187512d663bf5acadc88acf06d6c093d060cce030
                                                                                                                      • Instruction ID: 0399a89e33092048aa5c31c4da6fc85f4d5f80cfe20ab63edf177aa4bc40af02
                                                                                                                      • Opcode Fuzzy Hash: 1568b2a25b01ceab6a48ed2187512d663bf5acadc88acf06d6c093d060cce030
                                                                                                                      • Instruction Fuzzy Hash: 4321667591024DAFCB04EFA0C855FEEBBB9AF15300F408058F9556B285DF75AA05DBA0
                                                                                                                      APIs
                                                                                                                      • CreateThread.KERNEL32(00000000,?,Function_001855FA,00000000,00000004,00000000), ref: 01015825
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00F103EB,Function_0007FB50), ref: 01015831
                                                                                                                      • __dosmaperr.LIBCMT ref: 01015838
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2744730728-0
                                                                                                                      • Opcode ID: 635f01269399a6434abfbba342f04617ffd3694985c0c5c2d0ff3ac020dafae4
                                                                                                                      • Instruction ID: e0460198d2642c00a6e69fa4270600b450bf7fdabadf484fa581e7e01d5c5bbb
                                                                                                                      • Opcode Fuzzy Hash: 635f01269399a6434abfbba342f04617ffd3694985c0c5c2d0ff3ac020dafae4
                                                                                                                      • Instruction Fuzzy Hash: E3012676501206BBDB119B68DC08BDE7AB8FFC2771F204259F964AA1D4DB74C940C760
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00E98640: _DebugHeapAllocator.LIBCPMTD ref: 00E9865F
                                                                                                                      • _Smanip.LIBCPMTD ref: 00E9154E
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorBase::Concurrency::details::ContextDebugHeapIdentityQueueSmanipWork
                                                                                                                      • String ID: $@
                                                                                                                      • API String ID: 2791413155-1077428164
                                                                                                                      • Opcode ID: 65c556d8c02ef318b7e00c08f5acbd64ea89a6f2d676b7799c9f8da0c2a43c65
                                                                                                                      • Instruction ID: cfa64531767f875e91e124c66e8191643dd00a196f25bb79d0d51845e19db6aa
                                                                                                                      • Opcode Fuzzy Hash: 65c556d8c02ef318b7e00c08f5acbd64ea89a6f2d676b7799c9f8da0c2a43c65
                                                                                                                      • Instruction Fuzzy Hash: 0DB10970C01258DBDB14EBA8C945BDDBBB5AF5A300F54919DE1497B282EB701B48CFA2
                                                                                                                      APIs
                                                                                                                      • std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00EDFF27
                                                                                                                      • std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00EDFF6A
                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00EDFFAB
                                                                                                                      Similarity
                                                                                                                      • API ID: Mutex_baseMutex_base::~_std::_$ObjectSingleWait
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2492459195-0
                                                                                                                      • Opcode ID: 9086009d9187d63f4c235e32df6ec00fd1fd1911d4a3d1f23243aca57b6d7038
                                                                                                                      • Instruction ID: 86d43a1b4bb6b47393928d8a89ca8e333400b3184123305c1b1af366629743b3
                                                                                                                      • Opcode Fuzzy Hash: 9086009d9187d63f4c235e32df6ec00fd1fd1911d4a3d1f23243aca57b6d7038
                                                                                                                      • Instruction Fuzzy Hash: 0C318B70A0024A8BDF18EF99C8507BEB3B5FF84304F105929E422BB3C2CB749951CBA5
                                                                                                                      APIs
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00FD9664
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00FD967E
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00FD9695
                                                                                                                        • Part of subcall function 00EB14F0: CoCreateInstance.OLE32(00000017,00000000,01047714,01044880,00000000,?,?,00F05304,01047714,00000000,00000017,00000000), ref: 00EB150C
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap$CreateInstance
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1085030698-0
                                                                                                                      • Opcode ID: c5b62543b4a0760ab7a098fe31ac50343a3cbc4aab3dc2eafa3529da4bb97ffd
                                                                                                                      • Instruction ID: 9c2cf519fc7a09b2073d915da56fd8c28176c5630847718b30533094da2d66ad
                                                                                                                      • Opcode Fuzzy Hash: c5b62543b4a0760ab7a098fe31ac50343a3cbc4aab3dc2eafa3529da4bb97ffd
                                                                                                                      • Instruction Fuzzy Hash: 3F21F2B0E042599BDB08DF98CD52BAEBBB1FF88710F144629E5217B381C7B46900DBA4
                                                                                                                      APIs
                                                                                                                      • GetLastError.KERNEL32(0106C7D0,0000000C), ref: 0101560D
                                                                                                                      • ExitThread.KERNEL32 ref: 01015614
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorExitLastThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1611280651-0
                                                                                                                      • Opcode ID: 6a4fe7449a17a2c70f9783768f6e4b169cea2b3e6099b1d8639e9a5e0be3f48d
                                                                                                                      • Instruction ID: ab2aa6037584d60d258372f7583a7bea96ff7a759ccc26c4516ee1328486e58e
                                                                                                                      • Opcode Fuzzy Hash: 6a4fe7449a17a2c70f9783768f6e4b169cea2b3e6099b1d8639e9a5e0be3f48d
                                                                                                                      • Instruction Fuzzy Hash: D8F02271A402069FEB01BFB0C949BEE77B0FF85710F200189F182AB294CB786940CF90
                                                                                                                      APIs
                                                                                                                      • int.LIBCPMTD ref: 00ED4692
                                                                                                                        • Part of subcall function 00EABD40: std::_Lockit::_Lockit.LIBCPMT ref: 00EABD56
                                                                                                                        • Part of subcall function 00EABD40: std::_Lockit::~_Lockit.LIBCPMT ref: 00EABD80
                                                                                                                      • std::locale::_Locimp::_Addfac.LIBCPMTD ref: 00ED46A5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Lockitstd::_$AddfacLocimp::_Lockit::_Lockit::~_std::locale::_
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2091979860-0
                                                                                                                      • Opcode ID: b41e7447c91663d123f55074ca68e218a55d38fb61879a90dbb1aba17d9d837f
                                                                                                                      • Instruction ID: dba85c22cb86bc411a8242fe98ea8f683435f40d771b469dee81569fe1c9146a
                                                                                                                      • Opcode Fuzzy Hash: b41e7447c91663d123f55074ca68e218a55d38fb61879a90dbb1aba17d9d837f
                                                                                                                      • Instruction Fuzzy Hash: E7F07478A00108EFCB04DF98C595A9DB7F1EB48300F24C59AE859AB352D731AE41DB81
                                                                                                                      APIs
                                                                                                                      • task.LIBCPMTD ref: 00EDBD22
                                                                                                                        • Part of subcall function 00ED6A70: task.LIBCPMTD ref: 00ED6A86
                                                                                                                        • Part of subcall function 00ED6A70: task.LIBCPMTD ref: 00ED6A91
                                                                                                                      • task.LIBCPMTD ref: 00EDBD40
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1384045349-0
                                                                                                                      • Opcode ID: c0ff828b1861cafeee42c51e474717737f66a6b19ce96f6451b329863ab8aec0
                                                                                                                      • Instruction ID: 2c0670683675ba0061b449ef412b8db415de53599bdd6cdf718b9c3eae902715
                                                                                                                      • Opcode Fuzzy Hash: c0ff828b1861cafeee42c51e474717737f66a6b19ce96f6451b329863ab8aec0
                                                                                                                      • Instruction Fuzzy Hash: 7DF0E77181015CDBCB08DF94C891AEDBBB5FB19310F04519EE4167B692DB302A45CB90
                                                                                                                      APIs
                                                                                                                      • SysAllocString.OLEAUT32(00EF24C4), ref: 00EF206F
                                                                                                                      • _com_issue_error.COMSUPP ref: 00EF208D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocString_com_issue_error
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1702453268-0
                                                                                                                      • Opcode ID: 3b1873803d6c30388838cdf6b64321e8e77631383b01b5230c98ad7f1fea2f1d
                                                                                                                      • Instruction ID: e1e96b04eb8284f1d47e9a3c5ec83e61e66e134e72cdc49a2793e27f25061792
                                                                                                                      • Opcode Fuzzy Hash: 3b1873803d6c30388838cdf6b64321e8e77631383b01b5230c98ad7f1fea2f1d
                                                                                                                      • Instruction Fuzzy Hash: 48F01C7590020CEFDB14CF94C584BADBBF5EB54304F20C199E9096B340C7769E81DB80
                                                                                                                      APIs
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F1CA9F
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 571936431-0
                                                                                                                      • Opcode ID: f11bc22458d72667613eb35b08b2805455cd64d3919affd9f4d8e0784f68111a
                                                                                                                      • Instruction ID: 37e174127a885fb0428f8b93099d5d26184814e813d2f1926334eb334a9ba563
                                                                                                                      • Opcode Fuzzy Hash: f11bc22458d72667613eb35b08b2805455cd64d3919affd9f4d8e0784f68111a
                                                                                                                      • Instruction Fuzzy Hash: 9E213971C0424DDFCB05DFA8C961BEEFBB0AF09310F648258D4657B291DB386A05DBA1
                                                                                                                      APIs
                                                                                                                      • _com_issue_error.COMSUPP ref: 00EF24F2
                                                                                                                        • Part of subcall function 00EF2050: SysAllocString.OLEAUT32(00EF24C4), ref: 00EF206F
                                                                                                                        • Part of subcall function 00EF2050: _com_issue_error.COMSUPP ref: 00EF208D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _com_issue_error$AllocString
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 245909816-0
                                                                                                                      • Opcode ID: e871a415c3aaebbae8790130b1dcc8203ab0e61461a3ca3b37e8819ae3d697f7
                                                                                                                      • Instruction ID: 988c5237481b2a178412ef9d0f6cbea883624bd1d245a7d55366c9df22000ee9
                                                                                                                      • Opcode Fuzzy Hash: e871a415c3aaebbae8790130b1dcc8203ab0e61461a3ca3b37e8819ae3d697f7
                                                                                                                      • Instruction Fuzzy Hash: D80117B5D0024ADFDB00DF98C841BBEBBB0FB04314F10462DE625AB380D7745A40CB91
                                                                                                                      APIs
                                                                                                                      • stdext::threads::lock_error::lock_error.LIBCPMTD ref: 01009A5E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: stdext::threads::lock_error::lock_error
                                                                                                                      • String ID:
                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00000000,?,?,01008AB3,00000000,?,00EB6F9C,00000000,?,00E99F29,00000000), ref: 01023729
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      APIs
                                                                                                                      • std::bad_exception::bad_exception.LIBCMTD ref: 00ED6558
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: std::bad_exception::bad_exception
                                                                                                                      • String ID:
                                                                                                                      APIs
                                                                                                                      • CoCreateInstance.OLE32(00000017,00000000,01047714,01044880,00000000,?,?,00F05304,01047714,00000000,00000017,00000000), ref: 00EB150C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateInstance
                                                                                                                      • String ID:
                                                                                                                      APIs
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00EAAFA8,000000FF,00000000,00000000,?,00EAAFA8,00000000,000000FF), ref: 00EB3555
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiWide
                                                                                                                      • String ID:
                                                                                                                      APIs
                                                                                                                      • CoUninitialize.OLE32(?,?,00EECF2B), ref: 00EF4947
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Uninitialize
                                                                                                                      • String ID:
                                                                                                                      APIs
                                                                                                                      • FindResourceW.KERNEL32(00000001,00000001,PNG), ref: 00F1A07D
                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 00F1A08C
                                                                                                                      • LockResource.KERNEL32(00000000), ref: 00F1A099
                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000), ref: 00F1A0A8
                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000), ref: 00F1A0B7
                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00F1A0C4
                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00F1A0E5
                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,00000001), ref: 00F1A0F5
                                                                                                                      • GetLastError.KERNEL32 ref: 00F1A0FE
                                                                                                                        • Part of subcall function 00F192E0: GdipAlloc.GDIPLUS(00FD7C4A,?,00FD7C4A,00000010), ref: 00F192E7
                                                                                                                        • Part of subcall function 00F18D50: GdipCreateBitmapFromStreamICM.GDIPLUS(00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00EA7602), ref: 00F18D9B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: GlobalResource$AllocCreateGdipLockStream$BitmapErrorFindFromLastLoadSizeofUnlock
                                                                                                                      • String ID: PNG$
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EF5A70: IsWindowVisible.USER32(00F21A64), ref: 00EF5A78
                                                                                                                      • keybd_event.USER32(0000001B,00000081,00000000,00000000), ref: 00F22502
                                                                                                                      • keybd_event.USER32(0000001B,00000081,00000002,00000000), ref: 00F22513
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F2256A
                                                                                                                      • task.LIBCPMTD ref: 00F225CA
                                                                                                                      • SetForegroundWindow.USER32(?), ref: 00F225EE
                                                                                                                      • SetFocus.USER32(?,?,?), ref: 00F225F8
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Windowkeybd_event$AllocatorDebugFocusForegroundHeapVisibletask
                                                                                                                      • String ID: menu_search
                                                                                                                      • API String ID: 4010996217-1740079999
                                                                                                                      • Opcode ID: 393659b1d00e136dc39e9635ca8fa9aea93f0a53d404df50fc4ecee30f2770b2
                                                                                                                      • Instruction ID: 155b7167579728e48ac605837cc218863b0793559317468672f0cfb2a8b19787
                                                                                                                      • Opcode Fuzzy Hash: 393659b1d00e136dc39e9635ca8fa9aea93f0a53d404df50fc4ecee30f2770b2
                                                                                                                      • Instruction Fuzzy Hash: 2A5182B5D04258EFDB10DBA4D945BEDBBB4AF59300F10815DE501BB382DB746A04DBA2
                                                                                                                      APIs
                                                                                                                      • GetSystemMetrics.USER32(00000017), ref: 00ED0809
                                                                                                                      • GetAsyncKeyState.USER32(00000001), ref: 00ED086A
                                                                                                                      • GetPhysicalCursorPos.USER32(?), ref: 00ED0884
                                                                                                                      • WindowFromPoint.USER32(?,?), ref: 00ED0892
                                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 00ED08A3
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED08CA
                                                                                                                      • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000C8), ref: 00ED08FB
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$AllocatorAsyncCursorDebugFromHeapMetricsMultipleObjectsPhysicalPointProcessStateSystemThreadWait
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4009661233-0
                                                                                                                      • Opcode ID: 4b77e8866ee5c617943471ca9cd54555799adbb086bcce3c3c1ca722af3efce9
                                                                                                                      • Instruction ID: 79bd60c4bd5f7e5a233dbb3013463d178f040fda8c09340543305f928fba2619
                                                                                                                      • Opcode Fuzzy Hash: 4b77e8866ee5c617943471ca9cd54555799adbb086bcce3c3c1ca722af3efce9
                                                                                                                      • Instruction Fuzzy Hash: BE4179B4D012099BDB18DFA4D994BEEBBB4FF48304F14815DE501B7385DB79AA06CBA0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EF57F0: GetUserDefaultUILanguage.KERNEL32(?,?,?,00000000,01039455), ref: 00EF582C
                                                                                                                        • Part of subcall function 00EF57F0: LCIDToLocaleName.KERNEL32(?,?,00000055,00000000,?,?,?,00000000,01039455), ref: 00EF5844
                                                                                                                        • Part of subcall function 00EF57F0: _DebugHeapAllocator.LIBCPMTD ref: 00EF587D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F00C17
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • GetLocaleInfoEx.KERNEL32(00000000,00000070,00000000,00000000), ref: 00F00C67
                                                                                                                      • GetLocaleInfoEx.KERNEL32(?,00000070,?,?,?,00000000,?), ref: 00F00CBA
                                                                                                                        • Part of subcall function 00EF1260: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00EF129A
                                                                                                                        • Part of subcall function 00EF4D30: std::bad_exception::~bad_exception.LIBCMTD ref: 00EF4D48
                                                                                                                      • task.LIBCPMTD ref: 00F00D06
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$Locale$AllocatorDebugHeapInfoProcessorVirtual$Base::Concurrency::Concurrency::details::ContextDefaultIdentityLanguageNameQueueRootRoot::UserWorkstd::bad_exception::~bad_exception
                                                                                                                      • String ID: unknown
                                                                                                                      • API String ID: 2721155093-2904991687
                                                                                                                      • Opcode ID: 4a54850cc48f6b844c3a826f8aa150100ceda8c68063425608e4929c18a2b091
                                                                                                                      • Instruction ID: a7f614a93fd6910ce8a31c8e4a6a13cb2e2e3858ca635343194db8a877426d33
                                                                                                                      • Opcode Fuzzy Hash: 4a54850cc48f6b844c3a826f8aa150100ceda8c68063425608e4929c18a2b091
                                                                                                                      • Instruction Fuzzy Hash: 31414EB1D1024CEBCB04EBE4D996BEEBBF4AF19300F244159F5057B282DB756A05CBA1
                                                                                                                      APIs
                                                                                                                      • std::bad_exception::bad_exception.LIBCMTD ref: 00F08B50
                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000,00000000,01067114,length,?,?,00F00AE7,00000000,?), ref: 00F08B69
                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,00000000,00000000,01067114,length,?,?,00F00AE7,00000000,?), ref: 00F08B6F
                                                                                                                      • std::bad_alloc::bad_alloc.LIBCMTD ref: 00F08B80
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Heap$AllocProcessstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                      • String ID: length
                                                                                                                      • API String ID: 975848983-25009842
                                                                                                                      • Opcode ID: ab141d1e20f4613cb14621c9ea882ddd43fd77562de79167382292415cb57379
                                                                                                                      • Instruction ID: aeec467cb070d2c67b1f1e9fb0ab933e678c97bebe94e56c249de279999a1906
                                                                                                                      • Opcode Fuzzy Hash: ab141d1e20f4613cb14621c9ea882ddd43fd77562de79167382292415cb57379
                                                                                                                      • Instruction Fuzzy Hash: 1F114F70E00208EFDB04EFA4C992BADB7B5AF48310F108199E9456B381DB75AF40DB90
                                                                                                                      APIs
                                                                                                                      • GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,?,00000002,?,?,?,00EA838D,?,?), ref: 00FF41BF
                                                                                                                      • FormatMessageA.KERNEL32(00001300,00000000,?,?,?,00000000,00000000,?,?,?,00EA838D,?,?), ref: 00FF41E1
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FormatInfoLocaleMessage
                                                                                                                      • String ID: !x-sys-default-locale
                                                                                                                      • API String ID: 4235545615-2729719199
                                                                                                                      • Opcode ID: 12dcf5c41dbd1dc2d8ed5bdae9dbd51c60b8e45e48f67ff8f165c8f196ae115a
                                                                                                                      • Instruction ID: 1662a72ade4619811b4b63e197bee305fd2a1bb5dd87f25e46c5c4587f89fb28
                                                                                                                      • Opcode Fuzzy Hash: 12dcf5c41dbd1dc2d8ed5bdae9dbd51c60b8e45e48f67ff8f165c8f196ae115a
                                                                                                                      • Instruction Fuzzy Hash: 64E039B6160108BFFB14ABA0DC4BDFB7A6CEB05751F004118BA45E6294E2B56E00DBA0
                                                                                                                      APIs
                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0100E5E3
                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0100E5ED
                                                                                                                      • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 0100E5FA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3906539128-0
                                                                                                                      • Opcode ID: 96c16dc649db1b693144b921acea0261084d29af0ea62eff70234a135cf01423
                                                                                                                      • Instruction ID: 108fe95698e534f830848603cf9bb559bb6cb472a55c2dfe521cbaf0356d933b
                                                                                                                      • Opcode Fuzzy Hash: 96c16dc649db1b693144b921acea0261084d29af0ea62eff70234a135cf01423
                                                                                                                      • Instruction Fuzzy Hash: 08310674901229ABDB22DF28D9887CCBBF8BF18710F5045EAE44CA7290E7719F818F45
                                                                                                                      APIs
                                                                                                                      • GetSystemTimePreciseAsFileTime.KERNEL32(?,?,00FF437F,?,?,?,?,00F0F14B,?,?,00F0F3D4,?), ref: 00FF84F8
                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(?,?,?,00FF437F,?,?,?,?,00F0F14B,?,?,00F0F3D4,?), ref: 00FF84FC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Time$FileSystem$Precise
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 743729956-0
                                                                                                                      • Opcode ID: 1863b8de739730313ee4b472841e3fabc288ef63b054347753d1db4d32aba223
                                                                                                                      • Instruction ID: 327f67a7973d5046374fdf591f579dab67592b333883ce3540011f167f5f8b12
                                                                                                                      • Opcode Fuzzy Hash: 1863b8de739730313ee4b472841e3fabc288ef63b054347753d1db4d32aba223
                                                                                                                      • Instruction Fuzzy Hash: FED0A972A410399B8B226B84B8048ACBB18AE08BB03080019FA0A632288F261800ABC4
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 00EB2CEB
                                                                                                                      • GetWindowTextW.USER32(?,?,00000100), ref: 00EB2D04
                                                                                                                      • task.LIBCPMTD ref: 00EB2D1F
                                                                                                                      • task.LIBCPMTD ref: 00EB2D2E
                                                                                                                      • task.LIBCPMTD ref: 00EB2D3D
                                                                                                                      • task.LIBCPMTD ref: 00EB2D4C
                                                                                                                      • task.LIBCPMTD ref: 00EB2D5E
                                                                                                                      • EnumChildWindows.USER32(?,00EB2AE0,00000001), ref: 00EB2DF1
                                                                                                                      • EnumChildWindows.USER32(?,00EB2AE0,00000002), ref: 00EB2E02
                                                                                                                      • EnumChildWindows.USER32(?,00EB2AE0,00000003), ref: 00EB2E13
                                                                                                                      • task.LIBCPMTD ref: 00EB2E2A
                                                                                                                      • task.LIBCPMTD ref: 00EB2E39
                                                                                                                      • task.LIBCPMTD ref: 00EB2E48
                                                                                                                      • task.LIBCPMTD ref: 00EB2E57
                                                                                                                      • task.LIBCPMTD ref: 00EB2E69
                                                                                                                      • task.LIBCPMTD ref: 00EB2FC3
                                                                                                                      • task.LIBCPMTD ref: 00EB2FD2
                                                                                                                      • task.LIBCPMTD ref: 00EB2FE1
                                                                                                                      • task.LIBCPMTD ref: 00EB2FF0
                                                                                                                      • task.LIBCPMTD ref: 00EB3002
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$ChildEnumWindows$Base::ClassConcurrency::details::ContextIdentityNameQueueTextWindowWork
                                                                                                                      • String ID: =====> %ws FOUND <=====$Shell_TrayWnd$Start$TrayButton$TrayDummySearchControl
                                                                                                                      • API String ID: 104865975-2840285642
                                                                                                                      • Opcode ID: 8550d1dfa87b03073457ea7d523ce32cf3e0c9d7be5dc0d51048a47a6e488901
                                                                                                                      • Instruction ID: a12a0a469222a45e10aaba75ddc7dc4b194115385564876b2651a36926bd99fa
                                                                                                                      • Opcode Fuzzy Hash: 8550d1dfa87b03073457ea7d523ce32cf3e0c9d7be5dc0d51048a47a6e488901
                                                                                                                      • Instruction Fuzzy Hash: 92226C71C00258DBDB14EBA4CC56BEEBBB5AF19300F14959CE4497B282DB746B84CF92
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00F05ED0: std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00F05F05
                                                                                                                      • task.LIBCPMTD ref: 00F04EED
                                                                                                                      • task.LIBCPMTD ref: 00F04EFC
                                                                                                                      • Sleep.KERNEL32(00000001,00000000,?,?,?,?), ref: 00F04F03
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F050D6
                                                                                                                      • task.LIBCPMTD ref: 00F050E5
                                                                                                                      • task.LIBCPMTD ref: 00F050F4
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F04EDE
                                                                                                                        • Part of subcall function 00EAB010: _DebugHeapAllocator.LIBCPMTD ref: 00EAB01E
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F04F73
                                                                                                                      • task.LIBCPMTD ref: 00F04F82
                                                                                                                      • task.LIBCPMTD ref: 00F04F91
                                                                                                                      • Sleep.KERNEL32(00000001,00000000,?,?,?,?,?,?), ref: 00F04F98
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F05008
                                                                                                                      • task.LIBCPMTD ref: 00F05017
                                                                                                                      • task.LIBCPMTD ref: 00F05026
                                                                                                                      • Sleep.KERNEL32(00000001,00000000,?,?,?,?,?,?,?,?), ref: 00F0502D
                                                                                                                      • Sleep.KERNEL32(00000001,?,?,?,?,?,?,?,?), ref: 00F05066
                                                                                                                        • Part of subcall function 00EDBE20: task.LIBCPMTD ref: 00EDBE79
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F05163
                                                                                                                      • task.LIBCPMTD ref: 00F05172
                                                                                                                      • task.LIBCPMTD ref: 00F05181
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Sleep$Mutex_baseMutex_base::~_std::_
                                                                                                                      • String ID: entryApp$filePath$name$oid$params$url
                                                                                                                      • API String ID: 1275526164-3070263729
                                                                                                                      • Opcode ID: b3fcdf8c6e96d91c343168b82d5e5b833bdaba2a10733911e02b55c44f76e116
                                                                                                                      • Instruction ID: dd6671389bfa93006faa30daf094bd44a9eb9a99ba6af39f9e75524df2729cc0
                                                                                                                      • Opcode Fuzzy Hash: b3fcdf8c6e96d91c343168b82d5e5b833bdaba2a10733911e02b55c44f76e116
                                                                                                                      • Instruction Fuzzy Hash: F9B13F71D0024CDBCB04EBA4DC92BEEB7B5AF15300F5480A9E0497B1D2EF752A49DBA1
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00F05ED0: std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00F05F05
                                                                                                                      • task.LIBCPMTD ref: 00F04EED
                                                                                                                      • task.LIBCPMTD ref: 00F04EFC
                                                                                                                      • Sleep.KERNEL32(00000001,00000000,?,?,?,?), ref: 00F04F03
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F050D6
                                                                                                                      • task.LIBCPMTD ref: 00F050E5
                                                                                                                      • task.LIBCPMTD ref: 00F050F4
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F04EDE
                                                                                                                        • Part of subcall function 00EAB010: _DebugHeapAllocator.LIBCPMTD ref: 00EAB01E
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F04F73
                                                                                                                      • task.LIBCPMTD ref: 00F04F82
                                                                                                                      • task.LIBCPMTD ref: 00F04F91
                                                                                                                      • Sleep.KERNEL32(00000001,00000000,?,?,?,?,?,?), ref: 00F04F98
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F05008
                                                                                                                      • task.LIBCPMTD ref: 00F05017
                                                                                                                      • task.LIBCPMTD ref: 00F05026
                                                                                                                      • Sleep.KERNEL32(00000001,00000000,?,?,?,?,?,?,?,?), ref: 00F0502D
                                                                                                                      • Sleep.KERNEL32(00000001,?,?,?,?,?,?,?,?), ref: 00F05066
                                                                                                                        • Part of subcall function 00EDBE20: task.LIBCPMTD ref: 00EDBE79
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F05163
                                                                                                                      • task.LIBCPMTD ref: 00F05172
                                                                                                                      • task.LIBCPMTD ref: 00F05181
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Sleep$Mutex_baseMutex_base::~_std::_
                                                                                                                      • String ID: entryApp$filePath$name$oid$params$url
                                                                                                                      • API String ID: 1275526164-3070263729
                                                                                                                      • Opcode ID: b16a182b898f451a8d48e3ae0cb1727243c91c7524b622e415c1bdb2bad60450
                                                                                                                      • Instruction ID: 86bc18f220e7728d86bd933d781c064f41480b2b16003e17b7c01a54c3d81fbf
                                                                                                                      • Opcode Fuzzy Hash: b16a182b898f451a8d48e3ae0cb1727243c91c7524b622e415c1bdb2bad60450
                                                                                                                      • Instruction Fuzzy Hash: 6C912D70D0025CDBCB04EBA0DC91BEEB7B5AF15300F5490A9E049BB192EF742B49DBA1
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDEEB0: task.LIBCPMTD ref: 00EDEF6E
                                                                                                                        • Part of subcall function 00EDEEB0: task.LIBCPMTD ref: 00EDEF7D
                                                                                                                        • Part of subcall function 00EDEEB0: task.LIBCPMTD ref: 00EDF04C
                                                                                                                        • Part of subcall function 00EDEEB0: task.LIBCPMTD ref: 00EDF05B
                                                                                                                        • Part of subcall function 00EDEEB0: task.LIBCPMTD ref: 00EDF067
                                                                                                                        • Part of subcall function 00EDEEB0: task.LIBCPMTD ref: 00EDF076
                                                                                                                        • Part of subcall function 00F12790: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00F127D4
                                                                                                                        • Part of subcall function 00EDEA80: task.LIBCPMTD ref: 00EDEB6C
                                                                                                                        • Part of subcall function 00EDEA80: task.LIBCPMTD ref: 00EDEC93
                                                                                                                        • Part of subcall function 00EDEA80: task.LIBCPMTD ref: 00EDECA2
                                                                                                                        • Part of subcall function 00EDEA80: task.LIBCPMTD ref: 00EDECB1
                                                                                                                      • task.LIBCPMTD ref: 00F14563
                                                                                                                      • task.LIBCPMTD ref: 00F14572
                                                                                                                      • task.LIBCPMTD ref: 00F14581
                                                                                                                        • Part of subcall function 00EAACF0: task.LIBCPMTD ref: 00EAACFA
                                                                                                                      • task.LIBCPMTD ref: 00F14611
                                                                                                                        • Part of subcall function 00F12B70: shared_ptr.LIBCMTD ref: 00F12B86
                                                                                                                      • type_info::name.LIBCMTD ref: 00F14681
                                                                                                                      • task.LIBCPMTD ref: 00F14749
                                                                                                                      • task.LIBCPMTD ref: 00F14758
                                                                                                                      • task.LIBCPMTD ref: 00F14845
                                                                                                                      • task.LIBCPMTD ref: 00F14854
                                                                                                                      • task.LIBCPMTD ref: 00F14863
                                                                                                                      • task.LIBCPMTD ref: 00F148E6
                                                                                                                      • task.LIBCPMTD ref: 00F14927
                                                                                                                        • Part of subcall function 00F13230: std::bad_exception::~bad_exception.LIBCMTD ref: 00F13248
                                                                                                                      • task.LIBCPMTD ref: 00F14B50
                                                                                                                      • task.LIBCPMTD ref: 00F14B5F
                                                                                                                      • task.LIBCPMTD ref: 00F14B6E
                                                                                                                      • task.LIBCPMTD ref: 00F14B7D
                                                                                                                      • task.LIBCPMTD ref: 00F14B8F
                                                                                                                        • Part of subcall function 00EDEA80: task.LIBCPMTD ref: 00EDECCC
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$ProcessorVirtual$Concurrency::RootRoot::shared_ptrstd::bad_exception::~bad_exceptiontype_info::name
                                                                                                                      • String ID: \HRDR_places.sqlite$\Mozilla\Firefox\Profiles\$\places.sqlite$appdata$temp
                                                                                                                      • API String ID: 782639390-1746454586
                                                                                                                      • Opcode ID: f844f868695859fcaeb3d2d7d0bd654705eb11ab3db10c4aa5985f73aeabe642
                                                                                                                      • Instruction ID: bc424bd6491bd9321ca09a5ce4ccaa2a990fbfbbc0142768576bbffb99be7d53
                                                                                                                      • Opcode Fuzzy Hash: f844f868695859fcaeb3d2d7d0bd654705eb11ab3db10c4aa5985f73aeabe642
                                                                                                                      • Instruction Fuzzy Hash: 32122A71D01258DBDB14EBA4CD96BDDBBB4AF5A304F5480E9E00977242EB342B84DF92
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED2E9F
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 00ED2EC8
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                        • Part of subcall function 00EA7DB0: OpenEventW.KERNEL32(00100000,00000001,00000000), ref: 00EA7E75
                                                                                                                        • Part of subcall function 00EA7DB0: task.LIBCPMTD ref: 00EA7E97
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED305D
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED308E
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE7A2
                                                                                                                        • Part of subcall function 00E998D0: CreateEventW.KERNEL32(00000000,00000000,00000001,00000000), ref: 00E9990B
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED311D
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED314E
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED31D1
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED3214
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED32B5
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED32F8
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED3399
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED33DC
                                                                                                                        • Part of subcall function 00EB42D0: WaitForMultipleObjects.KERNEL32(?,?,00000000,0000000A), ref: 00EB4316
                                                                                                                        • Part of subcall function 00EAA910: CloseHandle.KERNEL32(?), ref: 00EAA942
                                                                                                                      Strings
                                                                                                                      • Software\Microsoft\Windows\DWM, xrefs: 00ED2F21
                                                                                                                      • ColorPrevalence, xrefs: 00ED2FA2
                                                                                                                      • ClosingEvent, xrefs: 00ED2E6F
                                                                                                                      • EnableTransparency, xrefs: 00ED2FCD
                                                                                                                      • Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, xrefs: 00ED2F4C
                                                                                                                      • ColorizationColor, xrefs: 00ED2F77
                                                                                                                      • Software\Microsoft\Windows\CurrentVersion\Themes\Personalize, xrefs: 00ED2EF6
                                                                                                                      • TaskbarAl, xrefs: 00ED3030
                                                                                                                      • SystemUsesLightTheme, xrefs: 00ED2FF8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Event$Create$Base::CloseConcurrency::details::ContextHandleIdentityMultipleObjectsOpenQueueWaitWork
                                                                                                                      • String ID: ClosingEvent$ColorPrevalence$ColorizationColor$EnableTransparency$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced$Software\Microsoft\Windows\CurrentVersion\Themes\Personalize$Software\Microsoft\Windows\DWM$SystemUsesLightTheme$TaskbarAl
                                                                                                                      • API String ID: 3183893177-2470191940
                                                                                                                      • Opcode ID: 6c221b971e7355c89745f4ceda8908183258b94405eb1f6a34a38b263589ee79
                                                                                                                      • Instruction ID: 14016a8596c9db2fc4a94413d84ff61fe8f476be5ed394686e0dedd9e6b2e446
                                                                                                                      • Opcode Fuzzy Hash: 6c221b971e7355c89745f4ceda8908183258b94405eb1f6a34a38b263589ee79
                                                                                                                      • Instruction Fuzzy Hash: C3125BB1D112589BCB14EBA8DD46BDDBBB4AF59300F1085DDE5097B242EB702B44CFA2
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 00F0642B
                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000001,00000000), ref: 00F06476
                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000200), ref: 00F064F2
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F06641
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F06684
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                      • RegSetValueExW.ADVAPI32(?,?,00000000,00000001,?,?), ref: 00F06862
                                                                                                                      • task.LIBCPMTD ref: 00F06880
                                                                                                                      • task.LIBCPMTD ref: 00F0689B
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • RegDeleteValueW.ADVAPI32(?,?), ref: 00F06913
                                                                                                                      • RegCloseKey.ADVAPI32(D), ref: 00F0692B
                                                                                                                      • task.LIBCPMTD ref: 00F0693F
                                                                                                                      • task.LIBCPMTD ref: 00F06951
                                                                                                                        • Part of subcall function 00F04AF0: RegOpenKeyExW.ADVAPI32(80000001,00000000), ref: 00F04BE9
                                                                                                                      • task.LIBCPMTD ref: 00F06969
                                                                                                                      • task.LIBCPMTD ref: 00F0697B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeapValue$Open$Base::CloseConcurrency::details::ContextDeleteFileIdentityModuleNameQueryQueueWork
                                                                                                                      • String ID: "%ws" %ws %ws$/init$D$PCAppStore$Software\Microsoft\Windows\CurrentVersion\Run$app_param_changed$product
                                                                                                                      • API String ID: 2241995895-2882667670
                                                                                                                      • Opcode ID: 8cdc9d7c8a395db2f09a35263b7e430d27806859a3d6b7a6795a8dc01cdf3b32
                                                                                                                      • Instruction ID: dec5dd23b95236ae6e86ecbcf50f14ea958015c1600f525df5e3e3c15ef0d3a9
                                                                                                                      • Opcode Fuzzy Hash: 8cdc9d7c8a395db2f09a35263b7e430d27806859a3d6b7a6795a8dc01cdf3b32
                                                                                                                      • Instruction Fuzzy Hash: 7B024CB1D00258DBDB14EBA4CD46BDDBBB4AF59300F5481D9E5097B282EB742B44CFA1
                                                                                                                      APIs
                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00EFE39A
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EFE52B
                                                                                                                        • Part of subcall function 00EFF5A0: CoCreateInstance.OLE32(01054798,00000000,00000001,01054788,00000000), ref: 00EFF5EB
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EFE662
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EFE6E2
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EFE725
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EFE4F7
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE7A2
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EFE4C3
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EFE477
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EFE8C0
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EFE903
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextCreateCurrentDirectoryIdentityInstanceQueueWork
                                                                                                                      • String ID: "%ws\AutoUpdater.exe"$GetCurrentDirectory_failed$PCAppStoreUpdater$PT18H$product$product$task_creation_failed$tsh_creation_res=%d
                                                                                                                      • API String ID: 2054716614-881204476
                                                                                                                      • Opcode ID: 51d5ee55e16b1bf178f49234d09987131798743a3c4e4f78344bbbec56347c77
                                                                                                                      • Instruction ID: fd91766137f81a5486cbd36534ca1dd90accf10dfc3a72abed6bd57ae1f85b32
                                                                                                                      • Opcode Fuzzy Hash: 51d5ee55e16b1bf178f49234d09987131798743a3c4e4f78344bbbec56347c77
                                                                                                                      • Instruction Fuzzy Hash: 391250B1D01258DBCB14EBA4DD46BDDBBB4AF59300F5481DDE1097B242EB742B48CBA2
                                                                                                                      APIs
                                                                                                                      • PostMessageW.USER32(?,00000402,00000000,00000000), ref: 00EB6867
                                                                                                                      • PostQuitMessage.USER32(00000000), ref: 00EB6C64
                                                                                                                      • DefWindowProcW.USER32(?,?,000002B1,?), ref: 00EB6C7C
                                                                                                                      • DefWindowProcW.USER32(?,?,00000012,?), ref: 00EB6C94
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostProcWindow$Quit
                                                                                                                      • String ID: msg=resume_suspend$msg=suspend$product$product$system_event$system_event
                                                                                                                      • API String ID: 3552470998-2520652036
                                                                                                                      • Opcode ID: 0952a85d0fb55191faa7bd5ee60599a7b44ea096d5d75afbcb6730887dd0e61b
                                                                                                                      • Instruction ID: 0899d0029c42cf6a027a2a11af7dc2ab8c01f7209242fbe4bce931f81f0a4685
                                                                                                                      • Opcode Fuzzy Hash: 0952a85d0fb55191faa7bd5ee60599a7b44ea096d5d75afbcb6730887dd0e61b
                                                                                                                      • Instruction Fuzzy Hash: CAE191B1D00248DBCB14EFA8DD45BDEBBB4AF59304F10819DE5497B282DB746A04CFA2
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EE0D64
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • WinHttpOpen.WINHTTP(00000000,00000000,00000000), ref: 00EE0D87
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • WinHttpConnect.WINHTTP(00000000,00000000,000001BB,00000000), ref: 00EE0DFC
                                                                                                                      • GetTickCount64.KERNEL32 ref: 00EE0E3B
                                                                                                                      • WinHttpOpenRequest.WINHTTP(00000000,GET,00000000,00000000,00000000,00000000,00800000), ref: 00EE10F6
                                                                                                                      • WinHttpSetTimeouts.WINHTTP(00000000,00002710,00002710,00002710,00002710), ref: 00EE1121
                                                                                                                      • WinHttpCloseHandle.WINHTTP(00000000), ref: 00EE1135
                                                                                                                      • WinHttpCloseHandle.WINHTTP(00000000), ref: 00EE1145
                                                                                                                      • WinHttpCloseHandle.WINHTTP(00000000), ref: 00EE1155
                                                                                                                      • WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00EE11D3
                                                                                                                      • WinHttpReceiveResponse.WINHTTP(00000000,00000000), ref: 00EE11E8
                                                                                                                      • WinHttpCloseHandle.WINHTTP(00000000), ref: 00EE11FB
                                                                                                                      • WinHttpCloseHandle.WINHTTP(00000000), ref: 00EE120B
                                                                                                                      • WinHttpCloseHandle.WINHTTP(00000000), ref: 00EE121B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Http$CloseHandle$task$OpenRequest$AllocatorBase::Concurrency::details::ConnectContextCount64DebugHeapIdentityQueueReceiveResponseSendTickTimeoutsWork
                                                                                                                      • String ID: GET$WinHTTP 1.0
                                                                                                                      • API String ID: 1429355193-1397384856
                                                                                                                      • Opcode ID: f12e08343789040079b1d445428ebb61c982cf7f52ba7032c3ead284ada6c5a4
                                                                                                                      • Instruction ID: 1ac30280cd069d1eb42ca551ae1c153f7030ee8442f7a04a05b0e06a5ed76f79
                                                                                                                      • Opcode Fuzzy Hash: f12e08343789040079b1d445428ebb61c982cf7f52ba7032c3ead284ada6c5a4
                                                                                                                      • Instruction Fuzzy Hash: D3F19EB4E002199BDB28DF99C985BEDBBB1BF48300F108199E519B7385DB746A85CF90
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EC1E70: RegOpenKeyExW.ADVAPI32(80000001,00000000), ref: 00EC1F81
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECA624
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECA66F
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECA6C6
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECA762
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECA6E8
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECA7C5
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECA7FE
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECA89A
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECA8DD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap$task$Base::Concurrency::details::ContextIdentityOpenQueueWork
                                                                                                                      • String ID: RESTART$RUNNING$Unknown+state=%d$close_state=%ws$invalid_app_close$product
                                                                                                                      • API String ID: 2732782546-3736349495
                                                                                                                      • Opcode ID: 2ad2d5d0a9cdf036eed6f91a2a98d2cf330289ce0a5c3662387e177b121a2630
                                                                                                                      • Instruction ID: 1711a7d3b8d9a9f5d0847f926270a821f619b4028563088d5561bf86e195485c
                                                                                                                      • Opcode Fuzzy Hash: 2ad2d5d0a9cdf036eed6f91a2a98d2cf330289ce0a5c3662387e177b121a2630
                                                                                                                      • Instruction Fuzzy Hash: 8AD16FB1D01258DFCB14EBA8DD46BDDBBB5AF59304F54819DE0097B282DB342B44CBA2
                                                                                                                      APIs
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0496C
                                                                                                                        • Part of subcall function 00ED6460: _DebugHeapAllocator.LIBCPMTD ref: 00ED648B
                                                                                                                        • Part of subcall function 00ED6460: _DebugHeapAllocator.LIBCPMTD ref: 00ED64AA
                                                                                                                      • Concurrency::details::_Condition_variable::_Condition_variable.LIBCMTD ref: 00F04450
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F046FB
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F04717
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0478C
                                                                                                                        • Part of subcall function 00EB4230: _DebugHeapAllocator.LIBCPMTD ref: 00EB4267
                                                                                                                        • Part of subcall function 00EB3930: _DebugHeapAllocator.LIBCPMTD ref: 00EB3967
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0483D
                                                                                                                        • Part of subcall function 00E98C30: _DebugHeapAllocator.LIBCPMTD ref: 00E98C65
                                                                                                                        • Part of subcall function 00EE1EC0: _DebugHeapAllocator.LIBCPMTD ref: 00EE1EF0
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F048E1
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap$Base::Concurrency::details::Concurrency::details::_Condition_variableCondition_variable::_ContextIdentityQueueWork
                                                                                                                      • String ID: HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$a$$a$
                                                                                                                      • API String ID: 1065921653-246743695
                                                                                                                      • Opcode ID: b5daae382b86e69a8976dcb20017cce7001c5e68e2151eb222e107f4778a0d32
                                                                                                                      • Instruction ID: b75197a2ecb4ebf9af6ac0e26bfab76ec753b6352ff10ce55f3329526eff7910
                                                                                                                      • Opcode Fuzzy Hash: b5daae382b86e69a8976dcb20017cce7001c5e68e2151eb222e107f4778a0d32
                                                                                                                      • Instruction Fuzzy Hash: 470280B1C0025CDEDB14EBA4CD51BEEBBB4AF15300F5481A9E1057B292EF702B49DBA1
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                        • Part of subcall function 00F1A190: LoadCursorW.USER32(00000000,00007F00), ref: 00F1A1CF
                                                                                                                        • Part of subcall function 00F1A190: _DebugHeapAllocator.LIBCPMTD ref: 00F1A1E3
                                                                                                                        • Part of subcall function 00F1A190: RegisterClassW.USER32(?), ref: 00F1A214
                                                                                                                        • Part of subcall function 00F19590: _DebugHeapAllocator.LIBCPMTD ref: 00F195A6
                                                                                                                        • Part of subcall function 00F19590: FindWindowW.USER32(00000000,?), ref: 00F195C9
                                                                                                                        • Part of subcall function 00F19590: _DebugHeapAllocator.LIBCPMTD ref: 00F195ED
                                                                                                                        • Part of subcall function 00F19590: FindWindowExW.USER32(?,00000000,00000000), ref: 00F19616
                                                                                                                        • Part of subcall function 00F19590: _DebugHeapAllocator.LIBCPMTD ref: 00F1963A
                                                                                                                        • Part of subcall function 00F19590: FindWindowExW.USER32(?,00000000,00000000), ref: 00F19663
                                                                                                                        • Part of subcall function 00F19590: GetWindowRect.USER32(?,?), ref: 00F19690
                                                                                                                        • Part of subcall function 00F19590: _DebugHeapAllocator.LIBCPMTD ref: 00F196A9
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED0E54
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00ED0E8C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED0EEA
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED0F1B
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED0FF6
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • TranslateMessage.USER32(?), ref: 00ED10C1
                                                                                                                      • DispatchMessageW.USER32(?), ref: 00ED10CE
                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000001,?,00000004), ref: 00ED10DD
                                                                                                                      Strings
                                                                                                                      • {"app": {"init": {"engineInit": true}}}, xrefs: 00ED0DF0
                                                                                                                      • notify_widget_click, xrefs: 00ED0DC8
                                                                                                                      • {"app" : {"show_window":"notifications"}}, xrefs: 00ED0FB2
                                                                                                                      • {"app" : {"hide_window":"notifications"}}, xrefs: 00ED103E
                                                                                                                      • product, xrefs: 00ED0DA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Window$FindMessage$Base::ClassConcurrency::details::ContextCursorDispatchIdentityLoadObjectPeekQueueRectRegisterSingleTranslateWaitWork
                                                                                                                      • String ID: notify_widget_click$product${"app" : {"hide_window":"notifications"}}${"app" : {"show_window":"notifications"}}${"app": {"init": {"engineInit": true}}}
                                                                                                                      • API String ID: 2334805372-3201597332
                                                                                                                      • Opcode ID: 82889fe53decb9a86acf9b422a84dac8964ba4bbc3502ae0bba8283db426c79e
                                                                                                                      • Instruction ID: 3107488b7ea22346d1fc07312fd63e4fc8e35e05b72b52f7c5a3200c37d7dd34
                                                                                                                      • Opcode Fuzzy Hash: 82889fe53decb9a86acf9b422a84dac8964ba4bbc3502ae0bba8283db426c79e
                                                                                                                      • Instruction Fuzzy Hash: 62B16DB1D10248DBCB14EFA4DD46BEDBBB5AF49300F10859DE5057B382DB746A44CBA2
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104,01043384), ref: 00ECC7F7
                                                                                                                        • Part of subcall function 00F04AF0: RegOpenKeyExW.ADVAPI32(80000001,00000000), ref: 00F04BE9
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECC827
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,0000000A), ref: 00ECC88B
                                                                                                                      • GetLastError.KERNEL32 ref: 00ECC894
                                                                                                                      • task.LIBCPMTD ref: 00ECCA8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECC945
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECC9B3
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE7A2
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECC9E4
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextErrorExecuteFileIdentityLastModuleNameOpenQueueShellWork
                                                                                                                      • String ID: $/init %ws /restart$eCode=%lu$open$product$reload_error
                                                                                                                      • API String ID: 3085552658-2650242239
                                                                                                                      • Opcode ID: 9fad3e9a4e2d1032017edbe6faeb1c0d9a21579b2a3750655159088f25b5b181
                                                                                                                      • Instruction ID: b700dacdc17614ef795470607d6cb4f6bb5e219e3ff8c9824bbfa5da82bf48d8
                                                                                                                      • Opcode Fuzzy Hash: 9fad3e9a4e2d1032017edbe6faeb1c0d9a21579b2a3750655159088f25b5b181
                                                                                                                      • Instruction Fuzzy Hash: 23A174B1D11248DBCB04EBE4DD46BDDBBB4AF59300F14959DE1057B282EB742B04CBA2
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000001,00000000), ref: 00F04BE9
                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000200), ref: 00F04C62
                                                                                                                      • RegCloseKey.ADVAPI32(0103A12B), ref: 00F04C7D
                                                                                                                      • task.LIBCPMTD ref: 00F04C9E
                                                                                                                      • task.LIBCPMTD ref: 00F04CB0
                                                                                                                      • RegCloseKey.ADVAPI32(0103A12B,?), ref: 00F04CCF
                                                                                                                      • task.LIBCPMTD ref: 00F04CE3
                                                                                                                      • task.LIBCPMTD ref: 00F04CF5
                                                                                                                      • RegCloseKey.ADVAPI32(0103A12B), ref: 00F04D03
                                                                                                                      • task.LIBCPMTD ref: 00F04D17
                                                                                                                      • task.LIBCPMTD ref: 00F04D29
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$Close$Base::Concurrency::details::ContextIdentityOpenQueryQueueValueWork
                                                                                                                      • String ID: AppParam$Software\PCAppStore$default
                                                                                                                      • API String ID: 361158349-3084650451
                                                                                                                      • Opcode ID: eeb7873fb00d8dec083fbee2dc3da9d47a6d15ef5034b1aba916b1d84e1baf3f
                                                                                                                      • Instruction ID: c21829e712d70465f7aa112482e79c1d7a24fc73330067fbf86c38935a265935
                                                                                                                      • Opcode Fuzzy Hash: eeb7873fb00d8dec083fbee2dc3da9d47a6d15ef5034b1aba916b1d84e1baf3f
                                                                                                                      • Instruction Fuzzy Hash: DF615CB1D00248EBCB14EFE4D996BEDBBB5AF59300F10819DE5157B286DB342A05CBA1
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 00ED0AA7
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED0AF6
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED0B58
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                        • Part of subcall function 00EDB6C0: Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00EDB7E6
                                                                                                                        • Part of subcall function 00EDB6C0: _DebugHeapAllocator.LIBCPMTD ref: 00EDB7F2
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED0B27
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED0C00
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED0C34
                                                                                                                      • WaitForSingleObject.KERNEL32(?,02932E00,?,?,?,?,?,?,?,01040A98,?), ref: 00ED0CCD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::Concurrency::task_continuation_context::task_continuation_contextContextIdentityObjectQueueSingleSleepWaitWork
                                                                                                                      • String ID: gmac$pcdetails$spots$spots_list_is_empty$subs$wlanspots
                                                                                                                      • API String ID: 3068094520-3320230174
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00F05ED0: std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00F05F05
                                                                                                                      • task.LIBCPMTD ref: 00F08477
                                                                                                                      • task.LIBCPMTD ref: 00F08483
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F08468
                                                                                                                        • Part of subcall function 00EAB010: _DebugHeapAllocator.LIBCPMTD ref: 00EAB01E
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F084F2
                                                                                                                      • task.LIBCPMTD ref: 00F08501
                                                                                                                      • task.LIBCPMTD ref: 00F08510
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0857F
                                                                                                                      • task.LIBCPMTD ref: 00F0858E
                                                                                                                      • task.LIBCPMTD ref: 00F0859D
                                                                                                                        • Part of subcall function 00EDBE20: task.LIBCPMTD ref: 00EDBE79
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Mutex_baseMutex_base::~_std::_
                                                                                                                      • String ID: icon$name$oid$path
                                                                                                                      • API String ID: 2999371377-975325445
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00F05ED0: std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00F05F05
                                                                                                                      • task.LIBCPMTD ref: 00F08477
                                                                                                                      • task.LIBCPMTD ref: 00F08483
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F08468
                                                                                                                        • Part of subcall function 00EAB010: _DebugHeapAllocator.LIBCPMTD ref: 00EAB01E
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F084F2
                                                                                                                      • task.LIBCPMTD ref: 00F08501
                                                                                                                      • task.LIBCPMTD ref: 00F08510
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0857F
                                                                                                                      • task.LIBCPMTD ref: 00F0858E
                                                                                                                      • task.LIBCPMTD ref: 00F0859D
                                                                                                                        • Part of subcall function 00EDBE20: task.LIBCPMTD ref: 00EDBE79
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Mutex_baseMutex_base::~_std::_
                                                                                                                      • String ID: icon$name$oid$path
                                                                                                                      • API String ID: 2999371377-975325445
                                                                                                                      APIs
                                                                                                                      • std::exception_ptr::exception_ptr.LIBCMTD ref: 00F20ADB
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F20CED
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F20C84
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F20D4C
                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00F20DB0
                                                                                                                      • CoCreateInstance.OLE32(010527F4,00000000,00000001,010527E4,00ED1C21), ref: 00F20DD1
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextCreateIdentityInitializeInstanceQueueWorkstd::exception_ptr::exception_ptr
                                                                                                                      • String ID: SearchApp.exe$SearchHost.exe$SearchUI.exe$ShellExperienceHost.exe$StartMenuExperienceHost.exe$explorer.exe
                                                                                                                      • API String ID: 282126490-3335880049
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$Iterator_baseIterator_base::_std::_
                                                                                                                      • String ID: data=
                                                                                                                      • API String ID: 2702417668-1585209485
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Smanip$task$swap
                                                                                                                      • String ID: last_visit$title$url$visit_count
                                                                                                                      • API String ID: 1704577847-3535738862
                                                                                                                      • Opcode ID: 7307ebf08d473e9a791e98e8a0a75937988818da40d5217d2ebd7ecb467aa106
                                                                                                                      • Instruction ID: 0ac9331e85e7afbba89fcd72636525bb6a9e8da0fcba90397ee85a2edd1f0afc
                                                                                                                      • Opcode Fuzzy Hash: 7307ebf08d473e9a791e98e8a0a75937988818da40d5217d2ebd7ecb467aa106
                                                                                                                      • Instruction Fuzzy Hash: 31818BB1900258EBCB15EB94CD42FDEB7B4AF59704F0481C9E1457B2C2DB706B49CBA1
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00F05ED0: std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00F05F05
                                                                                                                      • Sleep.KERNEL32(00000001,?,?), ref: 00F0823E
                                                                                                                      • Sleep.KERNEL32(00000001,?,?,?,?), ref: 00F08279
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Sleep$Mutex_baseMutex_base::~_std::_
                                                                                                                      • String ID: lastTime$oType$oid$sessionId$url
                                                                                                                      • API String ID: 1486681731-2134128287
                                                                                                                      • Opcode ID: 3afbd45777150aa768232c7040e088d71f5f6b5d65bca09747cdd7d9c3c34671
                                                                                                                      • Instruction ID: 09fdb50aca96d77ed3bd5c18bbb80560edbc7963bb9d2202b09a4a106ac10755
                                                                                                                      • Opcode Fuzzy Hash: 3afbd45777150aa768232c7040e088d71f5f6b5d65bca09747cdd7d9c3c34671
                                                                                                                      • Instruction Fuzzy Hash: 5E51D771E00208ABCB04FBA5EC92BEE7775BF04740F548128F156761D6EF746A09EBA0
                                                                                                                      APIs
                                                                                                                      • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 00F1CC59
                                                                                                                      • GetLastError.KERNEL32 ref: 00F1CC6C
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F1CD00
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F1CD7C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F1CDAD
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE7A2
                                                                                                                        • Part of subcall function 00F1CE90: ShellExecuteW.SHELL32(00000000,open,00F1CE64,00000000,00000000,00000005), ref: 00F1CEBC
                                                                                                                        • Part of subcall function 00F1CE90: GetLastError.KERNEL32 ref: 00F1CECF
                                                                                                                        • Part of subcall function 00F1CE90: _DebugHeapAllocator.LIBCPMTD ref: 00F1CF64
                                                                                                                        • Part of subcall function 00F1CE90: _DebugHeapAllocator.LIBCPMTD ref: 00F1CFCF
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$ErrorExecuteLastShell$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: $&eCode=%lu&br=%ws$open$product$showInCurrentBrowser_error
                                                                                                                      • API String ID: 556525148-1600046415
                                                                                                                      • Opcode ID: f060fc6490e9382a5d6aeacb392a6e039c276e60085fb5c9873b133aaa803bc9
                                                                                                                      • Instruction ID: 4529311007343993ab4c7bf21cce8bafe29b6e9f29a4916b0d92a96475e41a59
                                                                                                                      • Opcode Fuzzy Hash: f060fc6490e9382a5d6aeacb392a6e039c276e60085fb5c9873b133aaa803bc9
                                                                                                                      • Instruction Fuzzy Hash: 668172B1C01248EBCF04EBE4D946BDEBBB4AF59304F14855DF5057B282EB746A04CBA2
                                                                                                                      APIs
                                                                                                                      • ShellExecuteW.SHELL32(00000000,open,00F1CE64,00000000,00000000,00000005), ref: 00F1CEBC
                                                                                                                      • GetLastError.KERNEL32 ref: 00F1CECF
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F1CF64
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F1CFCF
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F1CFFD
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE7A2
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextErrorExecuteIdentityLastQueueShellWork
                                                                                                                      • String ID: $&eCode=%lu&br=default$open$product$showInCurrentBrowser_error
                                                                                                                      • API String ID: 2680194288-4068023289
                                                                                                                      • Opcode ID: fe1ad68dd8f6819c29212922f32bb7b8a3ba70bdff34a69e5788554225df686f
                                                                                                                      • Instruction ID: 2baf573fdfe380635c4c0ea4080625cc34e27443e6bcf0cf974516912c43580c
                                                                                                                      • Opcode Fuzzy Hash: fe1ad68dd8f6819c29212922f32bb7b8a3ba70bdff34a69e5788554225df686f
                                                                                                                      • Instruction Fuzzy Hash: 916171B1D11248EBCB04EBE4D946BDEBBB4AF59304F14815DF5057B382EB742A04CBA2
                                                                                                                      APIs
                                                                                                                      • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00EDCB82
                                                                                                                        • Part of subcall function 00ED72B0: _DebugHeapAllocator.LIBCPMTD ref: 00ED7339
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EDCB8E
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EDCBF0
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EDCD3A
                                                                                                                        • Part of subcall function 00EAFBE0: _DebugHeapAllocator.LIBCPMTD ref: 00EAFBEE
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap$Base::Concurrency::details::Concurrency::task_continuation_context::task_continuation_contextContextIdentityQueueWork
                                                                                                                      • String ID: %5B$%5B$%5D$%5D
                                                                                                                      • API String ID: 3908625658-3613181305
                                                                                                                      • Opcode ID: 98325d261e528588f9fe0edc3846f6799b83607fde9876d46452731629dc0269
                                                                                                                      • Instruction ID: b2ef72fb476463fea927225c865316ef3c3641d0d5f1b8f11485d3e649f529ac
                                                                                                                      • Opcode Fuzzy Hash: 98325d261e528588f9fe0edc3846f6799b83607fde9876d46452731629dc0269
                                                                                                                      • Instruction Fuzzy Hash: 9FA16D71C05248DBCB05DBA4DD51BDEBBB5AF59300F1480ADE1457B292EB706F09CBA1
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task
                                                                                                                      • String ID: bad conversion
                                                                                                                      • API String ID: 1384045349-2629740042
                                                                                                                      • Opcode ID: 3161e1af43604747994aa4180e5d714e3128670e2f3d72bf7ddb5c0e95460ee2
                                                                                                                      • Instruction ID: 98791b9a978e98eee02df5a9a8feddadf815ed03c6c60b79f4a512b70ea8aed6
                                                                                                                      • Opcode Fuzzy Hash: 3161e1af43604747994aa4180e5d714e3128670e2f3d72bf7ddb5c0e95460ee2
                                                                                                                      • Instruction Fuzzy Hash: 88713070914109DFCB08DF94C891AFEB7B1FF49304F24952AE455BB391DB30AA42DB92
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00F089F0: task.LIBCPMTD ref: 00F08AD2
                                                                                                                        • Part of subcall function 00F089F0: task.LIBCPMTD ref: 00F08ADE
                                                                                                                        • Part of subcall function 00F089F0: task.LIBCPMTD ref: 00F08AEA
                                                                                                                        • Part of subcall function 00F089F0: task.LIBCPMTD ref: 00F08AFC
                                                                                                                        • Part of subcall function 00ECB450: task.LIBCPMTD ref: 00ECB52E
                                                                                                                        • Part of subcall function 00ECB450: task.LIBCPMTD ref: 00ECB53A
                                                                                                                        • Part of subcall function 00ECB450: task.LIBCPMTD ref: 00ECB546
                                                                                                                        • Part of subcall function 00ECB450: task.LIBCPMTD ref: 00ECB558
                                                                                                                      • task.LIBCPMTD ref: 00EFE2C5
                                                                                                                      • task.LIBCPMTD ref: 00EFE2D4
                                                                                                                      • task.LIBCPMTD ref: 00EFE2E3
                                                                                                                      • task.LIBCPMTD ref: 00EFE2F2
                                                                                                                      • task.LIBCPMTD ref: 00EFE2FE
                                                                                                                      • task.LIBCPMTD ref: 00EFE30D
                                                                                                                      • task.LIBCPMTD ref: 00EFE34C
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task
                                                                                                                      • String ID: parse error$parse_error
                                                                                                                      • API String ID: 1384045349-1820534363
                                                                                                                      • Opcode ID: 539821abcbe4385143000c300ccd0c59fd5cbbc38798824d7ea6159b85ef757b
                                                                                                                      • Instruction ID: 1f83b3155044c1deb2c381ef89d394ea284a1a4b0cbccbf9a5d77d4f3b8bf880
                                                                                                                      • Opcode Fuzzy Hash: 539821abcbe4385143000c300ccd0c59fd5cbbc38798824d7ea6159b85ef757b
                                                                                                                      • Instruction Fuzzy Hash: 0551E8B5D04248EBCF04DFA8D881BEEBBF5BB49304F14816DE519B7242D7346A45CBA1
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Yarn$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                      • String ID: bad locale name
                                                                                                                      • API String ID: 3904239083-1405518554
                                                                                                                      • Opcode ID: 034c6f7f371b8fa72bdf36bd53c1116479ed727b3a26a6070d798a760b2cb424
                                                                                                                      • Instruction ID: c8844b1ddf7f9abcc64820ce632d05f1a13cf3e2a47491b4fe04b282ad4ebd06
                                                                                                                      • Opcode Fuzzy Hash: 034c6f7f371b8fa72bdf36bd53c1116479ed727b3a26a6070d798a760b2cb424
                                                                                                                      • Instruction Fuzzy Hash: 7021AEB090428DDBCB04EBA8CD51BBEBBB1BF09708F14415CE0623B382CB746A00C7A1
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EAE5A0
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EAE5F6
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EAE6F2
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EAE800
                                                                                                                      Strings
                                                                                                                      • installed, xrefs: 00EAE55D
                                                                                                                      • {"app":{"%ws":{"app_status":{"name":"%ws","status":"%ws"}}}}, xrefs: 00EAE501
                                                                                                                      • none, xrefs: 00EAE52F
                                                                                                                      • {"app" : {"%ws" : {"dl_app_result" : {"status" : %d}}}}, xrefs: 00EAE4C7
                                                                                                                      • E, xrefs: 00EAE8DE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap
                                                                                                                      • String ID: E$installed$none${"app" : {"%ws" : {"dl_app_result" : {"status" : %d}}}}${"app":{"%ws":{"app_status":{"name":"%ws","status":"%ws"}}}}
                                                                                                                      • API String ID: 3843943072-162842736
                                                                                                                      • Opcode ID: 01727293d9078668989aa014267e7b128e807af390e55ed65275485510d4e0d8
                                                                                                                      • Instruction ID: 0a68d9e83e31567efca7d70eb347ad3a03970b07d9ccd1ffdb0c90b07eec74f9
                                                                                                                      • Opcode Fuzzy Hash: 01727293d9078668989aa014267e7b128e807af390e55ed65275485510d4e0d8
                                                                                                                      • Instruction Fuzzy Hash: 84C138B1D052589BCB25EBA8CC45BEDB7B5AF59300F1081DDE1097B242DB346B84CF61
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EAE5A0
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EAE5F6
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EAE6F2
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EAE800
                                                                                                                      Strings
                                                                                                                      • installed, xrefs: 00EAE55D
                                                                                                                      • {"app":{"%ws":{"app_status":{"name":"%ws","status":"%ws"}}}}, xrefs: 00EAE501
                                                                                                                      • none, xrefs: 00EAE52F
                                                                                                                      • {"app" : {"%ws" : {"dl_app_result" : {"status" : %d}}}}, xrefs: 00EAE4C7
                                                                                                                      • E, xrefs: 00EAE8DE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap
                                                                                                                      • String ID: E$installed$none${"app" : {"%ws" : {"dl_app_result" : {"status" : %d}}}}${"app":{"%ws":{"app_status":{"name":"%ws","status":"%ws"}}}}
                                                                                                                      • API String ID: 3843943072-162842736
                                                                                                                      • Opcode ID: 55cf805c9726336096045f95af828644912046e6f8c50c0bc4c0df3643d37d59
                                                                                                                      • Instruction ID: c96a64dbc314891b95e8265fcee207bf12e5a7e8b4a31b5b05d009911cfc874a
                                                                                                                      • Opcode Fuzzy Hash: 55cf805c9726336096045f95af828644912046e6f8c50c0bc4c0df3643d37d59
                                                                                                                      • Instruction Fuzzy Hash: D0C137B1D012589BCB25EBA8CC45BEDB7B9AF59300F1081DDE1097B242DB346B84CFA1
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task
                                                                                                                      • String ID: Start$ToggleButton
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EFD5D0: SHQueryUserNotificationState.SHELL32(00ECC448), ref: 00EFD5D8
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECC52B
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECC630
                                                                                                                      • task.LIBCPMTD ref: 00ECC663
                                                                                                                      • task.LIBCPMTD ref: 00ECC672
                                                                                                                      Strings
                                                                                                                      • contextual, xrefs: 00ECC4BD
                                                                                                                      • {"app":{"offer":{"offerInfo":{"oid":%d,"otype":"contextual"}},"show_window":"offer"}}, xrefs: 00ECC472
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeaptask$Base::Concurrency::details::ContextIdentityNotificationQueryQueueStateUserWork
                                                                                                                      • String ID: contextual${"app":{"offer":{"offerInfo":{"oid":%d,"otype":"contextual"}},"show_window":"offer"}}
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F00E70
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                        • Part of subcall function 00F010C0: CoCreateInstance.OLE32(01054798,00000000,00000001,01054788,00000000), ref: 00F0110B
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F00F62
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F00FD0
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F01001
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextCreateIdentityInstanceQueueWork
                                                                                                                      • String ID: PCAppStoreUpdater$product$task_creation_failed$tsh_deletion_res=%d
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      • d, xrefs: 00F14CC8
                                                                                                                      • SELECT moz_places.url, moz_places.title, moz_places.visit_count, moz_historyvisits.visit_date/1000000 AS visit_time FROM moz_places JOIN moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND visit_time/1000000 > %d ORDER BY visit_time DESC, xrefs: 00F14BF2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: task
                                                                                                                      • String ID: SELECT moz_places.url, moz_places.title, moz_places.visit_count, moz_historyvisits.visit_date/1000000 AS visit_time FROM moz_places JOIN moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND visit_time/1000000 > %d ORDER BY visit_time DESC$d
                                                                                                                      APIs
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,2FF94052), ref: 010083D9
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 01008454
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 0100845F
                                                                                                                      • _com_issue_error.COMSUPP ref: 01008488
                                                                                                                      • _com_issue_error.COMSUPP ref: 01008492
                                                                                                                      • GetLastError.KERNEL32(80070057,2FF94052), ref: 01008497
                                                                                                                      • _com_issue_error.COMSUPP ref: 010084AA
                                                                                                                      • GetLastError.KERNEL32(00000000), ref: 010084C0
                                                                                                                      • _com_issue_error.COMSUPP ref: 010084D3
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                      • String ID:
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 00F221F4
                                                                                                                        • Part of subcall function 00F22B30: _WChar_traits.LIBCPMTD ref: 00F22B3D
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F22359
                                                                                                                      • task.LIBCPMTD ref: 00F223EA
                                                                                                                      • task.LIBCPMTD ref: 00F2241D
                                                                                                                      Strings
                                                                                                                      • {"app": {"menu_search" : {"search_request":"%ws", "page":"a"}}}, xrefs: 00F2216A
                                                                                                                      • \u%0.4x, xrefs: 00F2232E
                                                                                                                      • {"app": {"hide_window": "menu_search"}}, xrefs: 00F2213C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorChar_traitsDebugFreeHeapString
                                                                                                                      • String ID: \u%0.4x${"app": {"hide_window": "menu_search"}}${"app": {"menu_search" : {"search_request":"%ws", "page":"a"}}}
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EFE0E0: task.LIBCPMTD ref: 00EFE152
                                                                                                                        • Part of subcall function 00EFE0E0: task.LIBCPMTD ref: 00EFE15E
                                                                                                                        • Part of subcall function 00EFE0E0: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 00EFE173
                                                                                                                        • Part of subcall function 00EFE0E0: task.LIBCPMTD ref: 00EFE18B
                                                                                                                        • Part of subcall function 0100A65E: RaiseException.KERNEL32(E06D7363,00000001,00000003,00EBB11C,?,?,?,?,00EBB11C,?,01063DA4,?,?,00E9D9BF), ref: 0100A6BE
                                                                                                                      • task.LIBCPMTD ref: 00EEA880
                                                                                                                      • task.LIBCPMTD ref: 00EEA90D
                                                                                                                      Strings
                                                                                                                      • cannot use erase() with , xrefs: 00EEAA33
                                                                                                                      • iterator does not fit current value, xrefs: 00EEA839
                                                                                                                      • iterator out of range, xrefs: 00EEA8C6
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorExceptionRaise
                                                                                                                      • String ID: cannot use erase() with $iterator does not fit current value$iterator out of range
                                                                                                                      • API String ID: 2403370058-3306149458
                                                                                                                      • Opcode ID: 8edaaa793db64c6584e60eda90d03e03148adef73991c00824a0b204ab8b2b4b
                                                                                                                      • Instruction ID: 2d381c0fc979010a32cffe4736c30b288ea33cd628801555895c52a12d00e686
                                                                                                                      • Opcode Fuzzy Hash: 8edaaa793db64c6584e60eda90d03e03148adef73991c00824a0b204ab8b2b4b
                                                                                                                      • Instruction Fuzzy Hash: 4C816BB5D00209DFCB04EF94DC91EEEB7B4BF48300F149669E5197B282EB706A45CBA1
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EFE020: EnumWindows.USER32(00EF6350,?), ref: 00EFE05A
                                                                                                                        • Part of subcall function 00EFE020: shared_ptr.LIBCMTD ref: 00EFE067
                                                                                                                      • task.LIBCPMTD ref: 00F22D44
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00F22D93
                                                                                                                      • GetSystemMetrics.USER32(00000000), ref: 00F22DA9
                                                                                                                      • GetSystemMetrics.USER32(00000001), ref: 00F22DB4
                                                                                                                      • task.LIBCPMTD ref: 00F22F10
                                                                                                                        • Part of subcall function 00ECD6D0: _DebugHeapAllocator.LIBCPMTD ref: 00ECD6F0
                                                                                                                      • task.LIBCPMTD ref: 00F22F54
                                                                                                                      Strings
                                                                                                                      • {"app":{"menu_search":{"top":%d,"left":%d,"bottom":%d,"right":%d}}}, xrefs: 00F22E77
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$MetricsSystem$AllocatorBase::Concurrency::details::ContextDebugEnumHeapIdentityQueueRectWindowWindowsWorkshared_ptr
                                                                                                                      • String ID: {"app":{"menu_search":{"top":%d,"left":%d,"bottom":%d,"right":%d}}}
                                                                                                                      • API String ID: 1033610726-1772490695
                                                                                                                      • Opcode ID: 249a1f2e79b9a410f72913303cd7a69fc13860460b466611076ce4f6d4b87f62
                                                                                                                      • Instruction ID: bc0c57b996eb9145ee88f0cfee25edc80f3a0861f32a1af926b31623ff38bdad
                                                                                                                      • Opcode Fuzzy Hash: 249a1f2e79b9a410f72913303cd7a69fc13860460b466611076ce4f6d4b87f62
                                                                                                                      • Instruction Fuzzy Hash: 77813DB1C006089BCB05EFE4D955BEEFBB5AF59300F108259E4167B246EB346A45CFA1
                                                                                                                      APIs
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0496C
                                                                                                                        • Part of subcall function 00ED6460: _DebugHeapAllocator.LIBCPMTD ref: 00ED648B
                                                                                                                        • Part of subcall function 00ED6460: _DebugHeapAllocator.LIBCPMTD ref: 00ED64AA
                                                                                                                      • Concurrency::details::_Condition_variable::_Condition_variable.LIBCMTD ref: 00F04450
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F046FB
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F04717
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0478C
                                                                                                                        • Part of subcall function 00EB4230: _DebugHeapAllocator.LIBCPMTD ref: 00EB4267
                                                                                                                        • Part of subcall function 00EB3930: _DebugHeapAllocator.LIBCPMTD ref: 00EB3967
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F0483D
                                                                                                                        • Part of subcall function 00E98C30: _DebugHeapAllocator.LIBCPMTD ref: 00E98C65
                                                                                                                        • Part of subcall function 00EE1EC0: _DebugHeapAllocator.LIBCPMTD ref: 00EE1EF0
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap$Concurrency::details::_Condition_variableCondition_variable::_
                                                                                                                      • String ID: HKEY_CLASSES_ROOT$a$
                                                                                                                      • API String ID: 1331364838-1344197476
                                                                                                                      • Opcode ID: cfcf8a3c2a694fe5fac2de5c914d59119865a21c75a6e8aa578cc11126d501f0
                                                                                                                      • Instruction ID: f204749e26adc82cc0dd4d339fd9320d749086dd02d50da9008d405966393902
                                                                                                                      • Opcode Fuzzy Hash: cfcf8a3c2a694fe5fac2de5c914d59119865a21c75a6e8aa578cc11126d501f0
                                                                                                                      • Instruction Fuzzy Hash: 9E7181B1D00248EECB04EBA4DC91BEEBBB4AF55300F548199F1157B2D2DB702B49DBA1
                                                                                                                      APIs
                                                                                                                      • GetLastError.KERNEL32 ref: 00ECA347
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECA3DC
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECA447
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECA475
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE7A2
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextErrorIdentityLastQueueWork
                                                                                                                      • String ID: eCode=%lu$product$taskbar_handler_error
                                                                                                                      • API String ID: 1687786933-2493891406
                                                                                                                      • Opcode ID: be01fa8ab98164bf40de3ec1d4dfea686fd13856f09736343621e6fe73a25f0e
                                                                                                                      • Instruction ID: 36aac49e37d4412bf03d8c97496d9fe1a890809584757820b9954ea8a9c85ed8
                                                                                                                      • Opcode Fuzzy Hash: be01fa8ab98164bf40de3ec1d4dfea686fd13856f09736343621e6fe73a25f0e
                                                                                                                      • Instruction Fuzzy Hash: E56173B1C11248DBCB04EBE8D946AEDBBB5AF59300F14455DE5157B382EB742A04CBA2
                                                                                                                      APIs
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EA4E15
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EA4E47
                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,00000000,00000000,000F003F,00E9AD1C,?,00E9AD20,?), ref: 00EA4E6B
                                                                                                                      • RegCloseKey.ADVAPI32(CCCCCCC3), ref: 00EA4E9C
                                                                                                                      • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 00EA4F1F
                                                                                                                      • task.LIBCPMTD ref: 00EA4F45
                                                                                                                      Strings
                                                                                                                      • registry was not opened, xrefs: 00EA4EAA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap$CloseConcurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorOpentask
                                                                                                                      • String ID: registry was not opened
                                                                                                                      • API String ID: 3318282316-1342567452
                                                                                                                      • Opcode ID: 27e7dbe99045e771fc18c057f5a10c5dd318910bd640e32e7bfef2bcecd6c336
                                                                                                                      • Instruction ID: 44c56b568f03cf1ecc2d5939d729d894825aabdf24d527a982fd58a1fe78203e
                                                                                                                      • Opcode Fuzzy Hash: 27e7dbe99045e771fc18c057f5a10c5dd318910bd640e32e7bfef2bcecd6c336
                                                                                                                      • Instruction Fuzzy Hash: 5E512AB1D00249EBCB04EFE8D995BEEBBB5BF49300F14855DE4157B282DB746A04CBA1
                                                                                                                      APIs
                                                                                                                      • type_info::name.LIBCMTD ref: 00F14681
                                                                                                                      • task.LIBCPMTD ref: 00F14749
                                                                                                                      • task.LIBCPMTD ref: 00F14758
                                                                                                                        • Part of subcall function 00EDEA80: task.LIBCPMTD ref: 00EDEC93
                                                                                                                        • Part of subcall function 00EDEA80: task.LIBCPMTD ref: 00EDECA2
                                                                                                                        • Part of subcall function 00EDEA80: task.LIBCPMTD ref: 00EDECB1
                                                                                                                        • Part of subcall function 00EDEA80: task.LIBCPMTD ref: 00EDECCC
                                                                                                                      • task.LIBCPMTD ref: 00F14845
                                                                                                                      • task.LIBCPMTD ref: 00F14854
                                                                                                                      • task.LIBCPMTD ref: 00F14863
                                                                                                                      • task.LIBCPMTD ref: 00F148E6
                                                                                                                      • task.LIBCPMTD ref: 00F14927
                                                                                                                        • Part of subcall function 00F13230: std::bad_exception::~bad_exception.LIBCMTD ref: 00F13248
                                                                                                                      • task.LIBCPMTD ref: 00F14B50
                                                                                                                      • task.LIBCPMTD ref: 00F14B5F
                                                                                                                      • task.LIBCPMTD ref: 00F14B6E
                                                                                                                      • task.LIBCPMTD ref: 00F14B7D
                                                                                                                      • task.LIBCPMTD ref: 00F14B8F
                                                                                                                        • Part of subcall function 00F12790: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00F127D4
                                                                                                                        • Part of subcall function 00EDEA80: task.LIBCPMTD ref: 00EDEB6C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$ProcessorVirtual$Concurrency::RootRoot::std::bad_exception::~bad_exceptiontype_info::name
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 99202151-0
                                                                                                                      • Opcode ID: 4699308caa406e3f6077a1d38fbd9b02c06e9cf766e74bde23fde76e46cf8718
                                                                                                                      • Instruction ID: 0f304e46b0c9b7a4e577c271b08ac03cbaa83de84a65d6db0d29377854f4d76a
                                                                                                                      • Opcode Fuzzy Hash: 4699308caa406e3f6077a1d38fbd9b02c06e9cf766e74bde23fde76e46cf8718
                                                                                                                      • Instruction Fuzzy Hash: 36810771D012589BDB24EB64CD95BDEBBB4AF5A304F6080E9E049B7242EB342F84DF51
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • EnumPrintersW.WINSPOOL.DRV(00000006,00000000,00000002,00000000,00000000,?,?), ref: 00FE89E2
                                                                                                                      • EnumPrintersW.WINSPOOL.DRV(00000006,00000000,00000002,?,00000001,00000001,?,?), ref: 00FE8A43
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: task$EnumPrinters$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: full_toner$paper_in
                                                                                                                      • API String ID: 1865925320-3620103445
                                                                                                                      • Opcode ID: 15c0a5d9ed7549e0a281c99aaa3688db96068928adad08103da77d65e8fb42fa
                                                                                                                      • Instruction ID: f8218a65917e69e986c25605b09ae0b1577cdcded1687a381dd573f466384225
                                                                                                                      • Opcode Fuzzy Hash: 15c0a5d9ed7549e0a281c99aaa3688db96068928adad08103da77d65e8fb42fa
                                                                                                                      • Instruction Fuzzy Hash: 90D16BB1C01248DFCF04EFA8C855BEEBBB5AF59300F248159E1197B282DB746A45DFA1
                                                                                                                      APIs
                                                                                                                      • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00EDE278
                                                                                                                      • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00EDE398
                                                                                                                      • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00EDE3B9
                                                                                                                      • task.LIBCPMTD ref: 00EDE3DC
                                                                                                                      • task.LIBCPMTD ref: 00EDE3EB
                                                                                                                      Strings
                                                                                                                      • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 00EDE122
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Concurrency::task_continuation_context::task_continuation_context$task
                                                                                                                      • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                                                                                                      • API String ID: 189456244-1713319389
                                                                                                                      • Opcode ID: 67ff94bf3831d03adc304e07180c269925c25e35f3aecc8a8a427afc1281dd68
                                                                                                                      • Instruction ID: 273be37447727e15172cee2e880ed7c80b038732cd9babd93951fa5aefdbffa3
                                                                                                                      • Opcode Fuzzy Hash: 67ff94bf3831d03adc304e07180c269925c25e35f3aecc8a8a427afc1281dd68
                                                                                                                      • Instruction Fuzzy Hash: 96918E71A015198BEB08DF94C5667FEB7B2EF84304F24913AD912AF7D1D7349A01CB94
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899000102030405060708091011121314151617181920212223242526272829, xrefs: 00EA299B, 00EA29CF, 00EA2A1A, 00EA2A4E
                                                                                                                      • d, xrefs: 00EA2962
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap__aulldiv__aullremweak_ptr
                                                                                                                      • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899000102030405060708091011121314151617181920212223242526272829$d
                                                                                                                      • API String ID: 1707029608-159224879
                                                                                                                      • Opcode ID: df994f1c30b4c1a58a119e24248bd34a526ad1e6f77343b3d498ae7ab48a14f4
                                                                                                                      • Instruction ID: 9df1f27ec962e1fb65a8b1ba65d8a92e058d558ab9674dacd411eb4b237c3cb1
                                                                                                                      • Opcode Fuzzy Hash: df994f1c30b4c1a58a119e24248bd34a526ad1e6f77343b3d498ae7ab48a14f4
                                                                                                                      • Instruction Fuzzy Hash: 38812B70E04248EFCF15DFA8D8A1AEEBBF1AF49300F149459E556BB392DB306905CB60
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899000102030405060708091011121314151617181920212223242526272829, xrefs: 00EA2742, 00EA2776, 00EA27C1, 00EA27F5
                                                                                                                      • d, xrefs: 00EA2709
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap__aulldiv__aullremweak_ptr
                                                                                                                      • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899000102030405060708091011121314151617181920212223242526272829$d
                                                                                                                      • API String ID: 1707029608-159224879
                                                                                                                      • Opcode ID: 4cc520fc38632c46aaa5334ce4094bba04882ae1603e6a829978722736889e4c
                                                                                                                      • Instruction ID: a1ea7157bd3958615fea0f2e45e57b6fd3a0af4bdee630c466115f2d13a06a86
                                                                                                                      • Opcode Fuzzy Hash: 4cc520fc38632c46aaa5334ce4094bba04882ae1603e6a829978722736889e4c
                                                                                                                      • Instruction Fuzzy Hash: C4711E71E04148EFCF15DFA8D891AEEBBF5AF49300F145459E156BB392DB316901CB60
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      • d, xrefs: 00EA2B8B
                                                                                                                      • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899cannot use push_back() with , xrefs: 00EA2BC4, 00EA2BF8, 00EA2C43, 00EA2C77
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap__aulldiv__aullremweak_ptr
                                                                                                                      • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899cannot use push_back() with $d
                                                                                                                      • API String ID: 1707029608-1772582818
                                                                                                                      • Opcode ID: 4be5c326fadce8e7b54f4f8adcebd630d6b02053da552756bcc069f756b0ed84
                                                                                                                      • Instruction ID: f6f6d59bb6bded38bdeb1fa64c9819a11c72b21bbad6d02f8b8520427b975aa4
                                                                                                                      • Opcode Fuzzy Hash: 4be5c326fadce8e7b54f4f8adcebd630d6b02053da552756bcc069f756b0ed84
                                                                                                                      • Instruction Fuzzy Hash: 7471FB71E04248EFCF15EFA8D891AEEBBF1AF49300F149459E556BB392DB306901CB60
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                        • Part of subcall function 00EE1360: _DebugHeapAllocator.LIBCPMTD ref: 00EE1445
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EAE2BD
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EAE376
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EAE3B9
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE7A2
                                                                                                                        • Part of subcall function 00F1CC00: ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 00F1CC59
                                                                                                                        • Part of subcall function 00F1CC00: GetLastError.KERNEL32 ref: 00F1CC6C
                                                                                                                        • Part of subcall function 00F1CC00: _DebugHeapAllocator.LIBCPMTD ref: 00F1CD00
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextErrorExecuteIdentityLastQueueShellWork
                                                                                                                      • String ID: 2$dl_error$oid=%d&entry_app=%ws&%ws
                                                                                                                      • API String ID: 2680194288-2322004494
                                                                                                                      • Opcode ID: ff10af20052f468cf1d181a6155afa1292253eff01a283f43f8f81e105973878
                                                                                                                      • Instruction ID: d0c58f40685fe701546db838e0cd9e53a940f01055de2cbf610c824fd8dc8378
                                                                                                                      • Opcode Fuzzy Hash: ff10af20052f468cf1d181a6155afa1292253eff01a283f43f8f81e105973878
                                                                                                                      • Instruction Fuzzy Hash: 978159B0C012999BCB15EB68DC59BDDB7B9AF59300F4080E9A1097B242DB742F84CF62
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EABC40: _Smanip.LIBCPMTD ref: 00EABC68
                                                                                                                        • Part of subcall function 00E9B0F0: task.LIBCPMTD ref: 00E9B20F
                                                                                                                      • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00EBA809
                                                                                                                      • task.LIBCPMTD ref: 00EBA82A
                                                                                                                      • task.LIBCPMTD ref: 00EBA839
                                                                                                                      • task.LIBCPMTD ref: 00EBA848
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$Concurrency::task_continuation_context::task_continuation_contextSmanip
                                                                                                                      • String ID: ", "$: "
                                                                                                                      • API String ID: 4064334268-747220369
                                                                                                                      • Opcode ID: a8686a35dc5d5e67d90cac1c6d209cf7a6e9b5931530450cb929657e85557b8a
                                                                                                                      • Instruction ID: 693520387d4e201fe617d57de6c7a7d9a5db9056abe89a509ef01f1b0f676862
                                                                                                                      • Opcode Fuzzy Hash: a8686a35dc5d5e67d90cac1c6d209cf7a6e9b5931530450cb929657e85557b8a
                                                                                                                      • Instruction Fuzzy Hash: CD512DB1D001189FCB14EFA4D892ADEB7B4BF59304F14916DE505BB296EF306A45CB90
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00ED65A0: std::bad_exception::bad_exception.LIBCMTD ref: 00ED6628
                                                                                                                        • Part of subcall function 00EA5C30: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00EA5C6A
                                                                                                                      • task.LIBCPMTD ref: 00EDC9F4
                                                                                                                      • task.LIBCPMTD ref: 00EDCA03
                                                                                                                      • task.LIBCPMTD ref: 00EDCA1E
                                                                                                                      • task.LIBCPMTD ref: 00EDCA3C
                                                                                                                      • task.LIBCPMTD ref: 00EDCA4B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$ProcessorVirtual$Concurrency::RootRoot::std::bad_exception::bad_exception
                                                                                                                      • String ID: Z'
                                                                                                                      • API String ID: 3447452991-4250361131
                                                                                                                      • Opcode ID: 504d425a8e801ba5140c03c4641716608d81a983fc689903ea0ef9af83f6092d
                                                                                                                      • Instruction ID: 6b2dfa7036287b4f172939808e3ff057b366292025473b7f264a81fd0aa1715e
                                                                                                                      • Opcode Fuzzy Hash: 504d425a8e801ba5140c03c4641716608d81a983fc689903ea0ef9af83f6092d
                                                                                                                      • Instruction Fuzzy Hash: C7612071C00158DECB14EFA4D991BEEB7F4AF55300F6091A9E1167B292EB706F05CB91
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDEEB0: task.LIBCPMTD ref: 00EDEF6E
                                                                                                                        • Part of subcall function 00EDEEB0: task.LIBCPMTD ref: 00EDEF7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00F20FA0: GetWindowRect.USER32(00000000,?), ref: 00F20FDF
                                                                                                                        • Part of subcall function 00F20FA0: GetDesktopWindow.USER32 ref: 00F20FF7
                                                                                                                        • Part of subcall function 00F20FA0: GetWindowRect.USER32(00000000), ref: 00F20FFE
                                                                                                                      • task.LIBCPMTD ref: 00F2299D
                                                                                                                        • Part of subcall function 00F21920: _DebugHeapAllocator.LIBCPMTD ref: 00F219A7
                                                                                                                        • Part of subcall function 00F21920: _DebugHeapAllocator.LIBCPMTD ref: 00F219DD
                                                                                                                        • Part of subcall function 00F21920: FindWindowExW.USER32(00000000,00000000,?,?), ref: 00F21A0E
                                                                                                                      • GetWindowRect.USER32(FFFFFFFF,?), ref: 00F22850
                                                                                                                        • Part of subcall function 00F051B0: MonitorFromPoint.USER32(00000000,00000000,00000001), ref: 00F051CE
                                                                                                                        • Part of subcall function 00F051B0: GetDpiForMonitor.API-MS-WIN-SHCORE-SCALING-L1-1-1(?,00000000,?,?), ref: 00F051E5
                                                                                                                        • Part of subcall function 00EDEA80: task.LIBCPMTD ref: 00EDEB6C
                                                                                                                      • task.LIBCPMTD ref: 00F228D1
                                                                                                                        • Part of subcall function 00ECD6D0: _DebugHeapAllocator.LIBCPMTD ref: 00ECD6F0
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                        • Part of subcall function 00F21D50: SetWindowsHookExW.USER32(0000000D,00F21CB0,00000000,00000000), ref: 00F21E25
                                                                                                                        • Part of subcall function 00F21D50: GetWindowRect.USER32(FFFFFFFF,?), ref: 00F21E63
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F22937
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      Strings
                                                                                                                      • {"app": {"hide_window": "menu_search"}}, xrefs: 00F227F4
                                                                                                                      • {"app":{"menu_search":{"search_request":"", "page":"a", "top":%d,"left":%d,"bottom":%d,"right":%d},"show_window": "menu_search"}}, xrefs: 00F227C9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$Window$AllocatorDebugHeapRect$Monitor$Base::Concurrency::details::ContextDesktopFindFromHookIdentityPointQueueWindowsWork
                                                                                                                      • String ID: {"app": {"hide_window": "menu_search"}}${"app":{"menu_search":{"search_request":"", "page":"a", "top":%d,"left":%d,"bottom":%d,"right":%d},"show_window": "menu_search"}}
                                                                                                                      • API String ID: 1694102721-2949532883
                                                                                                                      • Opcode ID: 214599f64510b1b14761047386034ba3bfd0099d5999dc259e9bb2f163e31534
                                                                                                                      • Instruction ID: ba2929f62f0a3d425e923b61ba703cf2c73fa8fbffa9211e4213d98b02d1e674
                                                                                                                      • Opcode Fuzzy Hash: 214599f64510b1b14761047386034ba3bfd0099d5999dc259e9bb2f163e31534
                                                                                                                      • Instruction Fuzzy Hash: 3E6168B1D002589FCB04EFA8DC92BEEBBB5BF49300F54815DE4057B282DB356A45CBA1
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F04277
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F042E2
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F04310
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE7A2
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: eCode=%d$product$r_binErr
                                                                                                                      • API String ID: 520439995-1917030054
                                                                                                                      • Opcode ID: 672a9e36f2a9a83e666d93535da48d3cb443e4ac69e625adab8bb3e1052f6bb9
                                                                                                                      • Instruction ID: 94ba03b140d6ef2b8f2ce4a553c7c0420eb84979f5030b729f1e506d534d07ed
                                                                                                                      • Opcode Fuzzy Hash: 672a9e36f2a9a83e666d93535da48d3cb443e4ac69e625adab8bb3e1052f6bb9
                                                                                                                      • Instruction Fuzzy Hash: 61514FB1C1124CEBCB04EBE8D946ADDBBF4AF59300F54855DE4157B382EB746A04CBA2
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                        • Part of subcall function 00EE1360: _DebugHeapAllocator.LIBCPMTD ref: 00EE1445
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F180F7
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F1813A
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F1821D
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE7A2
                                                                                                                        • Part of subcall function 00EBD460: _DebugHeapAllocator.LIBCPMTD ref: 00EBD500
                                                                                                                        • Part of subcall function 00EBD460: _DebugHeapAllocator.LIBCPMTD ref: 00EBD586
                                                                                                                        • Part of subcall function 00EBD460: _DebugHeapAllocator.LIBCPMTD ref: 00EBD5BE
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: connection_error$critical_connection_error$product
                                                                                                                      • API String ID: 520439995-734357795
                                                                                                                      • Opcode ID: a3743129f4a845e40acea7051fa1401613bc6c036c59acd02ab3f17cc25db459
                                                                                                                      • Instruction ID: 3808e85d2201975bb1c6a94960fc4fbc368a6836735d90c9f51e6c3beb85da32
                                                                                                                      • Opcode Fuzzy Hash: a3743129f4a845e40acea7051fa1401613bc6c036c59acd02ab3f17cc25db459
                                                                                                                      • Instruction Fuzzy Hash: 776149B1D01258DACB14EBA4CD46BDDBBB4AF59300F4484D9E5497B242EB706F84CFA2
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EBC827
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EBC855
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EBC883
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE7A2
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: /p.gif$bhist$ev.pcapp.store
                                                                                                                      • API String ID: 520439995-3993023549
                                                                                                                      • Opcode ID: fa5cb0480ad5c2ffcb30e98566e91768d7e67c0318cc624111374cf02e68f3c3
                                                                                                                      • Instruction ID: 2c17bc0ca3e53d1e4e836c63aa7758f5c587ce6fb707e8579070805490c0cfa2
                                                                                                                      • Opcode Fuzzy Hash: fa5cb0480ad5c2ffcb30e98566e91768d7e67c0318cc624111374cf02e68f3c3
                                                                                                                      • Instruction Fuzzy Hash: 08515FB1D11248ABCF04EFE8D946ADDBBF8AF59300F14455DE405BB342EB346A05CBA2
                                                                                                                      APIs
                                                                                                                      • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00EFEA4A
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EFEA8F
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EFEACD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap$Concurrency::task_continuation_context::task_continuation_context
                                                                                                                      • String ID: %5D=$s%5B$
                                                                                                                      • API String ID: 1322382684-3098438597
                                                                                                                      • Opcode ID: f4841b29ac00a9735230a91d0e8e999fb9a21c48d25e3e315b0bdcb53cc5d9e2
                                                                                                                      • Instruction ID: 3eae0f994b71651ac16afc0482bc7204572e58c65f94c2afb76b44a361421492
                                                                                                                      • Opcode Fuzzy Hash: f4841b29ac00a9735230a91d0e8e999fb9a21c48d25e3e315b0bdcb53cc5d9e2
                                                                                                                      • Instruction Fuzzy Hash: 18317371D0414CABCB04EFA4C892AEEB7B5AF59300F109169F5067B292DF746A05CBA1
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task
                                                                                                                      • String ID: at line $, column
                                                                                                                      • API String ID: 1384045349-191570568
                                                                                                                      APIs
                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00EA4340
                                                                                                                      • int.LIBCPMTD ref: 00EA4359
                                                                                                                        • Part of subcall function 00EABD40: std::_Lockit::_Lockit.LIBCPMT ref: 00EABD56
                                                                                                                        • Part of subcall function 00EABD40: std::_Lockit::~_Lockit.LIBCPMT ref: 00EABD80
                                                                                                                      • Concurrency::cancel_current_task.LIBCPMTD ref: 00EA4399
                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00EA4401
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                                                                                      • String ID: S;
                                                                                                                      • API String ID: 3053331623-3934836605
                                                                                                                      APIs
                                                                                                                      • SHAppBarMessage.SHELL32(00000000,00000024), ref: 00ECCD0A
                                                                                                                      • GetSystemMetrics.USER32(00000000), ref: 00ECCD20
                                                                                                                      • GetSystemMetrics.USER32(00000001), ref: 00ECCD32
                                                                                                                      • SHAppBarMessage.SHELL32(00000002,00000024), ref: 00ECCD41
                                                                                                                      • SHAppBarMessage.SHELL32(00000003,00000024), ref: 00ECCD54
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Message$MetricsSystem
                                                                                                                      • String ID: $
                                                                                                                      • API String ID: 2388057244-3993045852
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: allocator
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3447690668-0
                                                                                                                      APIs
                                                                                                                      • task.LIBCPMTD ref: 00EDE561
                                                                                                                      • task.LIBCPMTD ref: 00EDE626
                                                                                                                        • Part of subcall function 00EDD7C0: _DebugHeapAllocator.LIBCPMTD ref: 00EDD7CA
                                                                                                                        • Part of subcall function 00EDD980: _DebugHeapAllocator.LIBCPMTD ref: 00EDD998
                                                                                                                        • Part of subcall function 00EDF1C0: task.LIBCPMTD ref: 00EDF26C
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • task.LIBCPMTD ref: 00EDE76C
                                                                                                                      • task.LIBCPMTD ref: 00EDE77B
                                                                                                                      • task.LIBCPMTD ref: 00EDE78A
                                                                                                                      • task.LIBCPMTD ref: 00EDE7A2
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 520439995-0
                                                                                                                      APIs
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00FF85FE
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00FF8669
                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00FF8686
                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00FF86C5
                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00FF8724
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00FF8747
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiStringWide
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2829165498-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDDA20: task.LIBCPMTD ref: 00EDDAA1
                                                                                                                        • Part of subcall function 00EDBE20: task.LIBCPMTD ref: 00EDBE79
                                                                                                                        • Part of subcall function 00EDF1C0: task.LIBCPMTD ref: 00EDF26C
                                                                                                                      • task.LIBCPMTD ref: 00EDEF6E
                                                                                                                      • task.LIBCPMTD ref: 00EDEF7D
                                                                                                                        • Part of subcall function 00EDE100: Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00EDE278
                                                                                                                      • task.LIBCPMTD ref: 00EDF04C
                                                                                                                      • task.LIBCPMTD ref: 00EDF05B
                                                                                                                      • task.LIBCPMTD ref: 00EDF067
                                                                                                                      • task.LIBCPMTD ref: 00EDF076
                                                                                                                        • Part of subcall function 00EDD7C0: _DebugHeapAllocator.LIBCPMTD ref: 00EDD7CA
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorConcurrency::task_continuation_context::task_continuation_contextDebugHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1916955639-0
                                                                                                                      • Opcode ID: e988b473097ec4531315a9fbc73302c122c9588b0acc207b34f30539bb886a6b
                                                                                                                      • Instruction ID: 884a7f561dc8f50442e4de3695883e59cc4ec871c928e2d0ea5d8562ccaf0273
                                                                                                                      • Opcode Fuzzy Hash: e988b473097ec4531315a9fbc73302c122c9588b0acc207b34f30539bb886a6b
                                                                                                                      • Instruction Fuzzy Hash: 10511D71C04148EFCB14EBA4C995BEEBBF5AF19300F14915AE505B7292EB346B09CBA1
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: task
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1384045349-0
                                                                                                                      • Opcode ID: a3240ce1f0aabff62034e7ddb440ca716939c8da76d4df3230c6b4e1a3a84559
                                                                                                                      • Instruction ID: 68c6511a9cb59bfb979208c42f479e4fd489ef75e2e16f279dc8e215168707c9
                                                                                                                      • Opcode Fuzzy Hash: a3240ce1f0aabff62034e7ddb440ca716939c8da76d4df3230c6b4e1a3a84559
                                                                                                                      • Instruction Fuzzy Hash: 3D513A71D0024CDFCB08EF94C991AEEB7B5BF59300F209159E5167B292EB306A05CFA1
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: _strcspntask
                                                                                                                      • String ID: @
                                                                                                                      • API String ID: 2935182443-2766056989
                                                                                                                      • Opcode ID: 46c11a82486eb5196e8144f9ddefbb20c0ce74f46013d7c155f5545a052dc863
                                                                                                                      • Instruction ID: c54d776e5dd56210a5747372163bf2980a3c13db7cb76270a3da71f0f000fe22
                                                                                                                      • Opcode Fuzzy Hash: 46c11a82486eb5196e8144f9ddefbb20c0ce74f46013d7c155f5545a052dc863
                                                                                                                      • Instruction Fuzzy Hash: 7AF135B19001099FCB18DF98D991BEEBBF9BF48304F149159F509BB391DB34AA41CBA0
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: task$Concurrency::cancellation_token_source::cancellation_token_source__crt_unique_heap_ptr
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4153040870-0
                                                                                                                      • Opcode ID: 72a7632492893365d101ea286b3fb317b1aa3899363d1686fd086b84047b5e52
                                                                                                                      • Instruction ID: a0384999594043fcec7756141d20ef6199565d64b2142f827f7d2f4d91dda615
                                                                                                                      • Opcode Fuzzy Hash: 72a7632492893365d101ea286b3fb317b1aa3899363d1686fd086b84047b5e52
                                                                                                                      • Instruction Fuzzy Hash: FC413D31C05249DECB18EBA4D955BEDFBB0AF2A304F509098E4097B292DB752F44DB51
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EBCF85
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                        • Part of subcall function 00EA9F90: Concurrency::details::VirtualProcessorRoot::Subscribe.LIBCONCRTD ref: 00EA9F9A
                                                                                                                      • task.LIBCPMTD ref: 00EBD007
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorConcurrency::details::DebugHeap$Base::ContextIdentityProcessorQueueRoot::SubscribeVirtualWork
                                                                                                                      • String ID: UY$main=%d&offer=%d&start_menu=%d&search=%d&settings=%d$product
                                                                                                                      • API String ID: 4174625666-2473466592
                                                                                                                      • Opcode ID: c94000aa56a80f370ac78a529fa88b4824c80483164745e6baa49a6595ef8d89
                                                                                                                      • Instruction ID: dc3f72e1364780023a9851190b200e10f8cd54a545bcc50e8901b73c1acc313b
                                                                                                                      • Opcode Fuzzy Hash: c94000aa56a80f370ac78a529fa88b4824c80483164745e6baa49a6595ef8d89
                                                                                                                      • Instruction Fuzzy Hash: 81D13D71D01248DBCB14EBA8C956BDEBBB5AF59300F14819DE1497B386DB702B44CFA2
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: task
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1384045349-0
                                                                                                                      • Opcode ID: 6b5fa1c3b92fc6656c51ca4eaee643c6ede547df6e7d0c6edf5fa91e57cd6d8a
                                                                                                                      • Instruction ID: dbc543767b892575db7c4450b6b6cd8afad06843a5a1f74d12581f2db1b8b7cc
                                                                                                                      • Opcode Fuzzy Hash: 6b5fa1c3b92fc6656c51ca4eaee643c6ede547df6e7d0c6edf5fa91e57cd6d8a
                                                                                                                      • Instruction Fuzzy Hash: D6014830906288DEDB14EB64C8497DDFBF0AF26301F6095E990497B293DB302F49DB82
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: task
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1384045349-0
                                                                                                                      • Opcode ID: 63fb48ced95f0e6cffd2cb9906f6ec7742ba706d0226614ae0a942f02025bc2f
                                                                                                                      • Instruction ID: fd1ba8688befc60cd58ee2dd5ad7e65fbea017f7f030e9acd5a2392fc00c5be5
                                                                                                                      • Opcode Fuzzy Hash: 63fb48ced95f0e6cffd2cb9906f6ec7742ba706d0226614ae0a942f02025bc2f
                                                                                                                      • Instruction Fuzzy Hash: 81014830906288DEDB14EB64C8497DDFBF0AF26301F6085E990497B293DB702F48DB82
                                                                                                                      APIs
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00FD6ADA
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00FD6B0B
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: product$system_panel_not_found
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00ECFC60: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00ECFC70
                                                                                                                        • Part of subcall function 00ECFC60: GetSystemMetrics.USER32(00000000), ref: 00ECFC78
                                                                                                                        • Part of subcall function 00ECFC60: GetSystemMetrics.USER32(00000001), ref: 00ECFC83
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                        • Part of subcall function 00F051B0: MonitorFromPoint.USER32(00000000,00000000,00000001), ref: 00F051CE
                                                                                                                        • Part of subcall function 00F051B0: GetDpiForMonitor.API-MS-WIN-SHCORE-SCALING-L1-1-1(?,00000000,?,?), ref: 00F051E5
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED2C7F
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED2DB1
                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000032,?,00000000,000000FF), ref: 00ED2DDF
                                                                                                                      • task.LIBCPMTD ref: 00ED2E06
                                                                                                                      Strings
                                                                                                                      • {"app": {"init":{"direction":"%c","screen_size":{"with_topbar":%d,"t":%d,"l":%d,"b":%d,"r":%d}}}}, xrefs: 00ED2B7D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: System$AllocatorDebugHeapMetricsMonitortask$Base::Concurrency::details::ContextFromIdentityInfoObjectParametersPointQueueSingleWaitWork
                                                                                                                      • String ID: {"app": {"init":{"direction":"%c","screen_size":{"with_topbar":%d,"t":%d,"l":%d,"b":%d,"r":%d}}}}
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDBD60: task.LIBCPMTD ref: 00EDBDFD
                                                                                                                        • Part of subcall function 00EA5C30: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00EA5C6A
                                                                                                                      • task.LIBCPMTD ref: 00EDC7AF
                                                                                                                      • task.LIBCPMTD ref: 00EDC7BE
                                                                                                                      • task.LIBCPMTD ref: 00EDC7DC
                                                                                                                      • task.LIBCPMTD ref: 00EDC7EB
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$ProcessorVirtual$Concurrency::RootRoot::
                                                                                                                      • String ID: /
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: char_traits
                                                                                                                      • String ID: $
                                                                                                                      APIs
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00FDA502
                                                                                                                        • Part of subcall function 00EDFBA0: std::_Mutex_base::_Mutex_base.LIBCONCRTD ref: 00EDFBAC
                                                                                                                      • std::condition_variable::condition_variable.LIBCONCRTD ref: 00FDA59E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • OpenEventW.KERNEL32(001F0003,00000001,00000000), ref: 00FDA637
                                                                                                                        • Part of subcall function 00EBE800: std::_Throw_Cpp_error.LIBCPMT ref: 00EBE81A
                                                                                                                        • Part of subcall function 00EBE800: std::_Throw_Cpp_error.LIBCPMT ref: 00EBE837
                                                                                                                      • task.LIBCPMTD ref: 00FDA6D6
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: std::_$Cpp_errorThrow_task$AllocatorBase::Concurrency::details::ContextDebugEventHeapIdentityMutex_baseMutex_base::_OpenQueueWorkstd::condition_variable::condition_variable
                                                                                                                      • String ID: ClosingEvent
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EB0B7B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • std::bad_exception::bad_exception.LIBCMTD ref: 00EB0BA3
                                                                                                                        • Part of subcall function 0100A65E: RaiseException.KERNEL32(E06D7363,00000001,00000003,00EBB11C,?,?,?,?,00EBB11C,?,01063DA4,?,?,00E9D9BF), ref: 0100A6BE
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorBase::Concurrency::details::ContextDebugExceptionHeapIdentityQueueRaiseWorkstd::bad_exception::bad_exception
                                                                                                                      • String ID: Memory allocation error
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECA7C5
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECA7FE
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECA89A
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE7A2
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ECA8DD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: close_state=%ws
                                                                                                                      • API String ID: 520439995-2840752808
                                                                                                                      • Opcode ID: e08cff0414a653acdef6342c42d3ce7afff5175e8385965d3796fe371cb381ab
                                                                                                                      • Instruction ID: f98f7a9dd09e9a88bd746a1495969c52c0036d69b6de5df230598a28672be2fb
                                                                                                                      • Opcode Fuzzy Hash: e08cff0414a653acdef6342c42d3ce7afff5175e8385965d3796fe371cb381ab
                                                                                                                      • Instruction Fuzzy Hash: 0D615CB1D01258DECB14EBA4DD46BDDBBB5AF59300F5085D9E109B7282EB702B44CFA2
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00F05B10: task.LIBCPMTD ref: 00F05C03
                                                                                                                        • Part of subcall function 00ED8AD0: task.LIBCPMTD ref: 00ED8B42
                                                                                                                        • Part of subcall function 00ED8AD0: task.LIBCPMTD ref: 00ED8B4E
                                                                                                                        • Part of subcall function 00ED8AD0: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 00ED8B63
                                                                                                                        • Part of subcall function 00ED8AD0: task.LIBCPMTD ref: 00ED8B7B
                                                                                                                        • Part of subcall function 00EED3E0: std::bad_exception::bad_exception.LIBCMTD ref: 00EED402
                                                                                                                      • task.LIBCPMTD ref: 00EEEF5D
                                                                                                                      • task.LIBCPMTD ref: 00EEEF7B
                                                                                                                      • task.LIBCPMTD ref: 00EEEF8A
                                                                                                                      • task.LIBCPMTD ref: 00EEEF99
                                                                                                                      Strings
                                                                                                                      • number overflow parsing ', xrefs: 00EEEE35
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorstd::bad_exception::bad_exception
                                                                                                                      • String ID: number overflow parsing '
                                                                                                                      • API String ID: 1737090687-3802681121
                                                                                                                      • Opcode ID: b7e34d8721393a0c1d784e778e409ea223cd3487a6f22aa572ad22ce06d56b9e
                                                                                                                      • Instruction ID: 58d9485dd174a980e4b589ee1fe342e30268385d5efe4938395bda62f9a0109f
                                                                                                                      • Opcode Fuzzy Hash: b7e34d8721393a0c1d784e778e409ea223cd3487a6f22aa572ad22ce06d56b9e
                                                                                                                      • Instruction Fuzzy Hash: 60611AB0D01258DBDB14DB68CC51BEEBBB1AF45304F1085DAE5497B282EB301E84DF65
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EAC253
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EAC27E
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EAC2B0
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE7A2
                                                                                                                        • Part of subcall function 00EBD460: _DebugHeapAllocator.LIBCPMTD ref: 00EBD500
                                                                                                                        • Part of subcall function 00EBD460: _DebugHeapAllocator.LIBCPMTD ref: 00EBD586
                                                                                                                        • Part of subcall function 00EBD460: _DebugHeapAllocator.LIBCPMTD ref: 00EBD5BE
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: offer_timeout$product
                                                                                                                      • API String ID: 520439995-3705266476
                                                                                                                      • Opcode ID: 61f9676fcf067daac82be9313223afb13a083ed3f099804b1bc64bd0590d809c
                                                                                                                      • Instruction ID: c0026a2f91101c7278332c9e0f2a6592de03041b3b20e35b5bd83ffd95b9330d
                                                                                                                      • Opcode Fuzzy Hash: 61f9676fcf067daac82be9313223afb13a083ed3f099804b1bc64bd0590d809c
                                                                                                                      • Instruction Fuzzy Hash: 24412FB1D10248ABCF04EFE8D946AEDBBF5AB49700F14455DF415BB382E7746A04CBA2
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EAEB08
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                        • Part of subcall function 00F1CC00: ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 00F1CC59
                                                                                                                        • Part of subcall function 00F1CC00: GetLastError.KERNEL32 ref: 00F1CC6C
                                                                                                                        • Part of subcall function 00F1CC00: _DebugHeapAllocator.LIBCPMTD ref: 00F1CD00
                                                                                                                      • task.LIBCPMTD ref: 00EAEBB5
                                                                                                                      • task.LIBCPMTD ref: 00EAEBD0
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextErrorExecuteIdentityLastQueueShellWork
                                                                                                                      • String ID: ?guid=$https://pcapp.store/account/login
                                                                                                                      • API String ID: 2680194288-2754287439
                                                                                                                      • Opcode ID: 11ca9a72b21ced9830fe9ed5d1e2bc3454be8f145075848eabd03ceb7b1c8cbc
                                                                                                                      • Instruction ID: d4978d636859d0db1383b680a30bb96f999c8e4efe55c9a1c045c3b4104cf4d5
                                                                                                                      • Opcode Fuzzy Hash: 11ca9a72b21ced9830fe9ed5d1e2bc3454be8f145075848eabd03ceb7b1c8cbc
                                                                                                                      • Instruction Fuzzy Hash: 82414DB1C01248ABCB04FFE4D956ADDFBF5AF5A300F54556DE4157B282EB342A04CBA2
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                        • Part of subcall function 00EE1360: _DebugHeapAllocator.LIBCPMTD ref: 00EE1445
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED27D7
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED281A
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: $product$start_menu_self_error
                                                                                                                      • API String ID: 520439995-3479588136
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED296E
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00ED29B1
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: #$product$start_menu_global_error
                                                                                                                      • API String ID: 520439995-524700894
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F14A05
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F14A48
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: $firefox_reading_error$product
                                                                                                                      • API String ID: 520439995-1785629431
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00ECB450: task.LIBCPMTD ref: 00ECB52E
                                                                                                                        • Part of subcall function 00ECB450: task.LIBCPMTD ref: 00ECB53A
                                                                                                                        • Part of subcall function 00ECB450: task.LIBCPMTD ref: 00ECB546
                                                                                                                        • Part of subcall function 00ECB450: task.LIBCPMTD ref: 00ECB558
                                                                                                                      • task.LIBCPMTD ref: 00EFE152
                                                                                                                      • task.LIBCPMTD ref: 00EFE15E
                                                                                                                      • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 00EFE173
                                                                                                                      • task.LIBCPMTD ref: 00EFE18B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                      • String ID: invalid_iterator
                                                                                                                      • API String ID: 2520070614-2508626007
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00ECB450: task.LIBCPMTD ref: 00ECB52E
                                                                                                                        • Part of subcall function 00ECB450: task.LIBCPMTD ref: 00ECB53A
                                                                                                                        • Part of subcall function 00ECB450: task.LIBCPMTD ref: 00ECB546
                                                                                                                        • Part of subcall function 00ECB450: task.LIBCPMTD ref: 00ECB558
                                                                                                                      • task.LIBCPMTD ref: 00ED8B42
                                                                                                                      • task.LIBCPMTD ref: 00ED8B4E
                                                                                                                      • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 00ED8B63
                                                                                                                      • task.LIBCPMTD ref: 00ED8B7B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                      • String ID: out_of_range
                                                                                                                      • API String ID: 2520070614-3053435996
                                                                                                                      APIs
                                                                                                                      • GetErrorInfo.OLEAUT32(00000000,00000000,00000000,?,?,?,?,00EF2A40,00000000,00000000,00000000), ref: 00F06D49
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorInfo
                                                                                                                      • String ID: @*$@*$RoOriginateLanguageException$combase.dll
                                                                                                                      • API String ID: 3619768924-3764621722
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: Fgetc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1720979605-0
                                                                                                                      APIs
                                                                                                                      • task.LIBCPMTD ref: 00EDEB6C
                                                                                                                        • Part of subcall function 00EDD7C0: _DebugHeapAllocator.LIBCPMTD ref: 00EDD7CA
                                                                                                                        • Part of subcall function 00EDD980: _DebugHeapAllocator.LIBCPMTD ref: 00EDD998
                                                                                                                        • Part of subcall function 00EDF1C0: task.LIBCPMTD ref: 00EDF26C
                                                                                                                      • task.LIBCPMTD ref: 00EDEC93
                                                                                                                      • task.LIBCPMTD ref: 00EDECA2
                                                                                                                      • task.LIBCPMTD ref: 00EDECB1
                                                                                                                      • task.LIBCPMTD ref: 00EDECCC
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3843943072-0
                                                                                                                      APIs
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00FD64AC
                                                                                                                      • std::exception_ptr::exception_ptr.LIBCMTD ref: 00FD656F
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00FD65A8
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00FD65C2
                                                                                                                      • CoCreateInstance.OLE32(010527F4,00000000,00000001,010527E4,00000000,00000000,00000000,00000000,?,?,000000FF,0103C017,000000FF,?,00FD6286,?), ref: 00FD6608
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap$CreateInstancestd::exception_ptr::exception_ptr
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3540912147-0
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Concurrency::task_options::get_scheduler
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3259548370-0
                                                                                                                      APIs
                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00EF04E0
                                                                                                                      • int.LIBCPMTD ref: 00EF04F9
                                                                                                                        • Part of subcall function 00EABD40: std::_Lockit::_Lockit.LIBCPMT ref: 00EABD56
                                                                                                                        • Part of subcall function 00EABD40: std::_Lockit::~_Lockit.LIBCPMT ref: 00EABD80
                                                                                                                      • Concurrency::cancel_current_task.LIBCPMTD ref: 00EF0539
                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00EF05A1
                                                                                                                      Similarity
                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3053331623-0
                                                                                                                      APIs
                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00EA4440
                                                                                                                      • int.LIBCPMTD ref: 00EA4459
                                                                                                                        • Part of subcall function 00EABD40: std::_Lockit::_Lockit.LIBCPMT ref: 00EABD56
                                                                                                                        • Part of subcall function 00EABD40: std::_Lockit::~_Lockit.LIBCPMT ref: 00EABD80
                                                                                                                      • Concurrency::cancel_current_task.LIBCPMTD ref: 00EA4499
                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00EA4501
                                                                                                                      Similarity
                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3053331623-0
                                                                                                                      • Opcode ID: 8a2d39f2a407654f479db86fe7c2274851703b6b085eaa53d875c998ca3c55a7
                                                                                                                      • Instruction ID: 20aff907d8cef85d37d6cfd2288d18ed547ed5036f0394ba9b7583c19d838cea
                                                                                                                      • Opcode Fuzzy Hash: 8a2d39f2a407654f479db86fe7c2274851703b6b085eaa53d875c998ca3c55a7
                                                                                                                      • Instruction Fuzzy Hash: 173118B5D00209DBCB04EF94C991BEEBBB5BF49310F205619E525BB391DB746A40CBA1
                                                                                                                      APIs
                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00EF05E0
                                                                                                                      • int.LIBCPMTD ref: 00EF05F9
                                                                                                                        • Part of subcall function 00EABD40: std::_Lockit::_Lockit.LIBCPMT ref: 00EABD56
                                                                                                                        • Part of subcall function 00EABD40: std::_Lockit::~_Lockit.LIBCPMT ref: 00EABD80
                                                                                                                      • Concurrency::cancel_current_task.LIBCPMTD ref: 00EF0639
                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00EF06A1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3053331623-0
                                                                                                                      • Opcode ID: 24cb8ec5bfcb283c30352c89d72ff7d4d27b52a0c537bf5bf41d6a5b60cc3ff2
                                                                                                                      • Instruction ID: 65c28645920849ef4a9ac3c4a6a16b2df5d408430a6d2cae412d086b6e6f2abf
                                                                                                                      • Opcode Fuzzy Hash: 24cb8ec5bfcb283c30352c89d72ff7d4d27b52a0c537bf5bf41d6a5b60cc3ff2
                                                                                                                      • Instruction Fuzzy Hash: 453118B5D0020DDBCB04EF94C981AFEBBB4BF48310F204669E515BB391DB746A40CBA1
                                                                                                                      APIs
                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00EA4540
                                                                                                                      • int.LIBCPMTD ref: 00EA4559
                                                                                                                        • Part of subcall function 00EABD40: std::_Lockit::_Lockit.LIBCPMT ref: 00EABD56
                                                                                                                        • Part of subcall function 00EABD40: std::_Lockit::~_Lockit.LIBCPMT ref: 00EABD80
                                                                                                                      • Concurrency::cancel_current_task.LIBCPMTD ref: 00EA4599
                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00EA4601
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3053331623-0
                                                                                                                      • Opcode ID: e55860f305b0cdda399ed699ba31b9751ee3a2952f1eca8604f2f77321cd586e
                                                                                                                      • Instruction ID: ed9afb1ee9ce1d23fcfb4cb77b2cf4ef21078f4803db73e922de93118c1faff3
                                                                                                                      • Opcode Fuzzy Hash: e55860f305b0cdda399ed699ba31b9751ee3a2952f1eca8604f2f77321cd586e
                                                                                                                      • Instruction Fuzzy Hash: F2312BB5D00209DFCB04EFA4C991BEEBBB4BF49310F205619E515BB391DB746A40CBA1
                                                                                                                      APIs
                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00EF06E0
                                                                                                                      • int.LIBCPMTD ref: 00EF06F9
                                                                                                                        • Part of subcall function 00EABD40: std::_Lockit::_Lockit.LIBCPMT ref: 00EABD56
                                                                                                                        • Part of subcall function 00EABD40: std::_Lockit::~_Lockit.LIBCPMT ref: 00EABD80
                                                                                                                      • Concurrency::cancel_current_task.LIBCPMTD ref: 00EF0739
                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00EF07A1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3053331623-0
                                                                                                                      • Opcode ID: 4caf84c38c9f31244a99f95b403417501e4f5afa4ee42f2fbc84094d768fa6c9
                                                                                                                      • Instruction ID: ea82b05d39cbd7e73bc08f50ada6e6c94430948ba5f8966e8ddd1896bbc92497
                                                                                                                      • Opcode Fuzzy Hash: 4caf84c38c9f31244a99f95b403417501e4f5afa4ee42f2fbc84094d768fa6c9
                                                                                                                      • Instruction Fuzzy Hash: 773118B5D0020DDBCB04EF94C981AFEBBB4BF48310F204659E555B7391DB746A44CBA1
                                                                                                                      APIs
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EA46DB
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EA46FA
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EA4716
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EA473E
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EA475A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 571936431-0
                                                                                                                      • Opcode ID: 3c9571b7b29f54230950727ec1112b2c9c0f98f9d891513aef2aed3de2010329
                                                                                                                      • Instruction ID: 5ba8d8e6c74cd646ad7d1c7028df6810af5b44dc003e4f8baf46641835b164bb
                                                                                                                      • Opcode Fuzzy Hash: 3c9571b7b29f54230950727ec1112b2c9c0f98f9d891513aef2aed3de2010329
                                                                                                                      • Instruction Fuzzy Hash: 6D31DDB0A00249DFCB04DF5CC851BAEBBB5FF89344F108558E415BB792C774AA11CBA4
                                                                                                                      APIs
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EA47C6
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EA47E2
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EA47FB
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EA481F
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EA4838
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 571936431-0
                                                                                                                      • Opcode ID: a293ad48a0bdc605e387032f1ce32141251bc693c1d1af5d9a4bede3ac2522f2
                                                                                                                      • Instruction ID: 655d1cd992c1116d6f301f90c2b28b541fe04cb5405640daba0ef52d00e5eaa4
                                                                                                                      • Opcode Fuzzy Hash: a293ad48a0bdc605e387032f1ce32141251bc693c1d1af5d9a4bede3ac2522f2
                                                                                                                      • Instruction Fuzzy Hash: E131E6B0A04249DFCB08DF88D991BAEBBB5FF89304F10865CE415AB791C774AD10CBA4
                                                                                                                      APIs
                                                                                                                      • SetWinEventHook.USER32(00000003,00000003,00000000,00F1FB60,00000000,00000000,00000001), ref: 00ED057A
                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00ED05A7
                                                                                                                      • TranslateMessage.USER32(?), ref: 00ED05B5
                                                                                                                      • DispatchMessageW.USER32(?), ref: 00ED05BF
                                                                                                                      • WaitForSingleObject.KERNEL32(00000032,00000032), ref: 00ED05CE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Message$DispatchEventHookObjectPeekSingleTranslateWait
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 836725691-0
                                                                                                                      • Opcode ID: 0f29f265678a48fb989fc1f7eb87722a4064ca77cd7f4928a2098a3c243058c5
                                                                                                                      • Instruction ID: 309b4956f9ed874619f977995044dd55c984a34bef6120b7c4232efd8d939b63
                                                                                                                      • Opcode Fuzzy Hash: 0f29f265678a48fb989fc1f7eb87722a4064ca77cd7f4928a2098a3c243058c5
                                                                                                                      • Instruction Fuzzy Hash: 5E0156B4A40308BBE720CBA1DD45FDD7B78AB44701F144049FA41BA2C8D6B5E641DF14
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$std::bad_exception::~bad_exception
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 488757343-0
                                                                                                                      • Opcode ID: 5691b8444ece2c0585e4a2e31c5223cdb4406111c36321286f37f0fd2a4186de
                                                                                                                      • Instruction ID: 7d80b6c6fd4f8ec1d126b6c6ab426e184f5276d544558bf7ddc9c4a0451d605a
                                                                                                                      • Opcode Fuzzy Hash: 5691b8444ece2c0585e4a2e31c5223cdb4406111c36321286f37f0fd2a4186de
                                                                                                                      • Instruction Fuzzy Hash: DC112730805288DBDB14EB68C9967EDBBB0AB16304F5080E9D4156B283DB342F88DB92
                                                                                                                      APIs
                                                                                                                      • EnumPrintersW.WINSPOOL.DRV(00000006,00000000,00000002,00000000,00000000,?,?), ref: 00FE8DAF
                                                                                                                      • EnumPrintersW.WINSPOOL.DRV(00000006,00000000,00000002,000000FF,00000001,00000001,?,?), ref: 00FE8DF0
                                                                                                                      • _Smanip.LIBCPMTD ref: 00FE8EA0
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: EnumPrinters$Smanip
                                                                                                                      • String ID: name
                                                                                                                      • API String ID: 1258091438-1579384326
                                                                                                                      • Opcode ID: b44369f1a444ee5d8411d6b2885c3c445bd9b9386752cb63f889c31eb9846e37
                                                                                                                      • Instruction ID: cccc286dd88d593fe1273e8e3f3a5a6b3587d0248b9b36ce762c475585d1ff06
                                                                                                                      • Opcode Fuzzy Hash: b44369f1a444ee5d8411d6b2885c3c445bd9b9386752cb63f889c31eb9846e37
                                                                                                                      • Instruction Fuzzy Hash: 575105B1D00248ABCF04EFD4C981BEEBBB5BF58300F14811DE515BB285DB74AA05CBA1
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                        • Part of subcall function 00EE1360: _DebugHeapAllocator.LIBCPMTD ref: 00EE1445
                                                                                                                      • task.LIBCPMTD ref: 00EB45B2
                                                                                                                      • task.LIBCPMTD ref: 00EB45C1
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: product$regHandler_error
                                                                                                                      • API String ID: 520439995-3258788493
                                                                                                                      • Opcode ID: 56e708326ab69f57b574a5cf6b995d99ce1da76c4a4556c7af3529e1727ebd71
                                                                                                                      • Instruction ID: 9070effcf46c55b6fc3d46ccc21fb93efd22735e22039a4e87e4e8655ec0443a
                                                                                                                      • Opcode Fuzzy Hash: 56e708326ab69f57b574a5cf6b995d99ce1da76c4a4556c7af3529e1727ebd71
                                                                                                                      • Instruction Fuzzy Hash: CD513D71D01258DADF14EBA8CD45BDDBBB4AF5A300F54809DE049BB242DB342A48CF92
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                        • Part of subcall function 00EE1360: _DebugHeapAllocator.LIBCPMTD ref: 00EE1445
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EB0C81
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EB0CB2
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: product$regHandler_error
                                                                                                                      • API String ID: 520439995-3258788493
                                                                                                                      • Opcode ID: 0463e2742d30a19f5eb730541ffef6ab0bc9d5d3cd590f2071dcf1078573f6bf
                                                                                                                      • Instruction ID: 7914097fef7063b4ab5dc93fe4ccc32461219d949e0eec36f434b6043144af8c
                                                                                                                      • Opcode Fuzzy Hash: 0463e2742d30a19f5eb730541ffef6ab0bc9d5d3cd590f2071dcf1078573f6bf
                                                                                                                      • Instruction Fuzzy Hash: 02413171D01248DADB04EBE8D946BDDBBF4AF59300F54819DE0497B342EB742B08CBA2
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                        • Part of subcall function 00EE1360: _DebugHeapAllocator.LIBCPMTD ref: 00EE1445
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F18383
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F183C6
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: connection_error$product
                                                                                                                      • API String ID: 520439995-2927753845
                                                                                                                      • Opcode ID: b4c0c57e18416fb22e0c4ddf88e8f34b0fa981f0eb594f8b73e34b674f41b60d
                                                                                                                      • Instruction ID: 08844b4c6cf2f1b764ee07281b5479565f4c5119bf44ed14fb70484968ef6924
                                                                                                                      • Opcode Fuzzy Hash: b4c0c57e18416fb22e0c4ddf88e8f34b0fa981f0eb594f8b73e34b674f41b60d
                                                                                                                      • Instruction Fuzzy Hash: CC5138B0C0125C9ACB14EBA4CD86ADDBBF5AB59300F5480D9E1497B242DB306F44DF91
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                        • Part of subcall function 00EE1360: _DebugHeapAllocator.LIBCPMTD ref: 00EE1445
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F18763
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F18797
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: message_sending_error$product
                                                                                                                      • API String ID: 520439995-3199500181
                                                                                                                      • Opcode ID: d890e4d7b8a3fe3345ca6bea0850fe8e7a807d66a9b08d6f8e26d1d91f2c2464
                                                                                                                      • Instruction ID: d555ce94697d10378add20d8194baff4ad2f574593c2454ebdcb0ee0a5b599b2
                                                                                                                      • Opcode Fuzzy Hash: d890e4d7b8a3fe3345ca6bea0850fe8e7a807d66a9b08d6f8e26d1d91f2c2464
                                                                                                                      • Instruction Fuzzy Hash: 964151B1C01248DACF14EBA4D946BDDBBB4AF59300F54819DE1457B242EB746B08CBA2
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                        • Part of subcall function 00EA4C50: _DebugHeapAllocator.LIBCPMTD ref: 00EA4C9B
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F226A5
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00F226D6
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: page_switching_error$product
                                                                                                                      • API String ID: 520439995-1093389599
                                                                                                                      • Opcode ID: 63429078310c78dca8c8c2afd3c1535750e813d12e1347bb5ff155bb4990fe81
                                                                                                                      • Instruction ID: 8da61e3eee3e1d968b90c03298f294bf7511ad08d2773c8f2fff80765688923d
                                                                                                                      • Opcode Fuzzy Hash: 63429078310c78dca8c8c2afd3c1535750e813d12e1347bb5ff155bb4990fe81
                                                                                                                      • Instruction Fuzzy Hash: 124147B1D11248EACF04EBE4DD46BDDBBB5AF59304F54809DE0457B242DB742B08CBA2
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE62
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE71
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE7D
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDEE8C
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00FECCE0
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00FECD27
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                      • String ID: Win32_PnPSignedDriver $Win32_Product
                                                                                                                      • API String ID: 520439995-1641632294
                                                                                                                      • Opcode ID: 1ba73a6c9e2c3fba5abc6a750e480bd2be8ff9c8b60d32f399264c4082bbae80
                                                                                                                      • Instruction ID: 5e296aa0ee2718358508a8d78c3ef1aa44800ebdf061379797465ea5d65cf80c
                                                                                                                      • Opcode Fuzzy Hash: 1ba73a6c9e2c3fba5abc6a750e480bd2be8ff9c8b60d32f399264c4082bbae80
                                                                                                                      • Instruction Fuzzy Hash: 3D414CB1D00249DBCB04EFA8C9467EEBBB4EF49310F108619E8157B381EB306A05CBD1
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task
                                                                                                                      • String ID: T!$type must be number, but is
                                                                                                                      • API String ID: 1384045349-2010933093
                                                                                                                      • Opcode ID: 150fede756c81a2773150410332e0b74403f3fb2cb5e4fbe087e959b4400e256
                                                                                                                      • Instruction ID: e5bda533422f09103f8c69f2ca806181a70bd93e3db405a748dba6a00af6e068
                                                                                                                      • Opcode Fuzzy Hash: 150fede756c81a2773150410332e0b74403f3fb2cb5e4fbe087e959b4400e256
                                                                                                                      • Instruction Fuzzy Hash: 56311CB5900659DFCB04DFA4C891AEEBBB5FF49304F10826DE8166B391DB306A06CB91
                                                                                                                      APIs
                                                                                                                      • std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00EF4552
                                                                                                                        • Part of subcall function 00EFE0E0: task.LIBCPMTD ref: 00EFE152
                                                                                                                        • Part of subcall function 00EFE0E0: task.LIBCPMTD ref: 00EFE15E
                                                                                                                        • Part of subcall function 00EFE0E0: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 00EFE173
                                                                                                                        • Part of subcall function 00EFE0E0: task.LIBCPMTD ref: 00EFE18B
                                                                                                                        • Part of subcall function 0100A65E: RaiseException.KERNEL32(E06D7363,00000001,00000003,00EBB11C,?,?,?,?,00EBB11C,?,01063DA4,?,?,00E9D9BF), ref: 0100A6BE
                                                                                                                      • task.LIBCPMTD ref: 00EF45B0
                                                                                                                      • task.LIBCPMTD ref: 00EF460F
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorExceptionMutex_baseMutex_base::~_Raisestd::_
                                                                                                                      • String ID: cannot get value
                                                                                                                      • API String ID: 2040463758-2333289761
                                                                                                                      • Opcode ID: 95254d7f457f9bba59be8649b38d1a2b929178df2e3106178ca8c5e53994cc26
                                                                                                                      • Instruction ID: 0cb820430350a052e6dc79a52a8388bc7ead2f6b970013a0f6b4269d077dcc77
                                                                                                                      • Opcode Fuzzy Hash: 95254d7f457f9bba59be8649b38d1a2b929178df2e3106178ca8c5e53994cc26
                                                                                                                      • Instruction Fuzzy Hash: B931BFB1D0024DABDB14EBA4CC52BFEB7B4AF49708F10565CE1217B2D2DB756A04CBA1
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EBDCB0: task.LIBCPMTD ref: 00EBDD22
                                                                                                                        • Part of subcall function 00EBDCB0: task.LIBCPMTD ref: 00EBDD2E
                                                                                                                        • Part of subcall function 00EBDCB0: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 00EBDD43
                                                                                                                        • Part of subcall function 00EBDCB0: task.LIBCPMTD ref: 00EBDD5B
                                                                                                                        • Part of subcall function 0100A65E: RaiseException.KERNEL32(E06D7363,00000001,00000003,00EBB11C,?,?,?,?,00EBB11C,?,01063DA4,?,?,00E9D9BF), ref: 0100A6BE
                                                                                                                      • task.LIBCPMTD ref: 00EEADFB
                                                                                                                      • task.LIBCPMTD ref: 00EEAE0A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorExceptionRaise
                                                                                                                      • String ID: t!$type must be string, but is
                                                                                                                      • API String ID: 2403370058-428884511
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Cnd_broadcastCurrentMtx_unlockThread
                                                                                                                      • String ID: g
                                                                                                                      • API String ID: 2021000804-1037297435
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap$task
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 757790273-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00F1DCA0: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00F1DCE4
                                                                                                                      • task.LIBCPMTD ref: 00FF0605
                                                                                                                      • task.LIBCPMTD ref: 00FF0777
                                                                                                                      • task.LIBCPMTD ref: 00FF07A1
                                                                                                                      • task.LIBCPMTD ref: 00FF07B3
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$ProcessorVirtual$Concurrency::RootRoot::
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3211395705-0
                                                                                                                      APIs
                                                                                                                      • inet_addr.WS2_32(00000000), ref: 00FF218A
                                                                                                                      • SendARP.IPHLPAPI(00000000), ref: 00FF2191
                                                                                                                      • task.LIBCPMTD ref: 00FF219A
                                                                                                                        • Part of subcall function 00F12790: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00F127D4
                                                                                                                      • task.LIBCPMTD ref: 00FF22BF
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ProcessorVirtualtask$Concurrency::RootRoot::Sendinet_addr
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1619764126-0
                                                                                                                      APIs
                                                                                                                      • GetWindowTextW.USER32(?,?,00000100), ref: 00EF638B
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EF639C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE561
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE626
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EF63ED
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE76C
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE77B
                                                                                                                        • Part of subcall function 00EDE500: task.LIBCPMTD ref: 00EDE78A
                                                                                                                      • task.LIBCPMTD ref: 00EF64B0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$AllocatorDebugHeap$TextWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3872597478-0
                                                                                                                      APIs
                                                                                                                      • RegCreateKeyW.ADVAPI32(?,00000000,?), ref: 00F08E47
                                                                                                                      • RegDeleteValueW.ADVAPI32(?,?), ref: 00F08E6A
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00F08E78
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00F08E9B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Close$Base::Concurrency::details::ContextCreateDeleteIdentityQueueValueWork
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3000994150-0
                                                                                                                      • Opcode ID: 2d71582ecc29be191bd5d600416ee62aab9a435735f037330aa499bac643a8fb
                                                                                                                      • Instruction ID: cce28b0a2b6b8a19143cf940ee9333b1dee4b768f9af4499dca180d8dc25e526
                                                                                                                      • Opcode Fuzzy Hash: 2d71582ecc29be191bd5d600416ee62aab9a435735f037330aa499bac643a8fb
                                                                                                                      • Instruction Fuzzy Hash: 8F11637580014CBBCB14EFE4C855BEEBBB8AF19300F408198F955AB246DF35AA05DB90
                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FF47CC
                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FF47D7
                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FF4845
                                                                                                                        • Part of subcall function 00FF4957: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00FF496F
                                                                                                                      • std::locale::_Setgloballocale.LIBCPMT ref: 00FF47F2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 677527491-0
                                                                                                                      • Opcode ID: 64e971b9a80d17233fb81242025cb8f50fc54571121ce7f094ce7343f6e43bdf
                                                                                                                      • Instruction ID: 56a83a1395795c67cc0205086e51a6248fa9ace1f1af8d0f4206a6469f6fde3d
                                                                                                                      • Opcode Fuzzy Hash: 64e971b9a80d17233fb81242025cb8f50fc54571121ce7f094ce7343f6e43bdf
                                                                                                                      • Instruction Fuzzy Hash: 0801D475A001169BC716EF20C8945BE7BB1FFC8360B244009EA5557395CF786E06DBC1
                                                                                                                      APIs
                                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00F18CCA
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00F18CCF
                                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00F18CDE
                                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00F18CFD
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Cpp_errorThrow_std::_$CurrentThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2261580123-0
                                                                                                                      • Opcode ID: 1ff7e5a1df516fc406b2281bda1e793d121dde548934cbfe11c47ea9e1e1e06e
                                                                                                                      • Instruction ID: 66efc08113596739ce1d3c7e3c66ce976b02e34189aefe167d980b1c46614223
                                                                                                                      • Opcode Fuzzy Hash: 1ff7e5a1df516fc406b2281bda1e793d121dde548934cbfe11c47ea9e1e1e06e
                                                                                                                      • Instruction Fuzzy Hash: 30013B70E00209ABC704EFA5DA42BAEF7F5AF44300F14C1A9E60897391DB75AE41EA91
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1384045349-0
                                                                                                                      • Opcode ID: 3c10029b8ebbe22186b5bf82de08d5b15e6acca02378eed98a1ba2b13347b0af
                                                                                                                      • Instruction ID: 9aceb2e655914275f440dc7274ec6df056e02478605b8ca2e98cfe3e0bdf19a0
                                                                                                                      • Opcode Fuzzy Hash: 3c10029b8ebbe22186b5bf82de08d5b15e6acca02378eed98a1ba2b13347b0af
                                                                                                                      • Instruction Fuzzy Hash: EF012930806289DACB04EBA4C9597EDBBB0AF36304F6191D8D0423B193DB742F48DB92
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDECF0: task.LIBCPMTD ref: 00EDED8E
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      • OpenEventW.KERNEL32(001F0003,00000001,00000000), ref: 00F16E70
                                                                                                                      • task.LIBCPMTD ref: 00F174AA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$Base::Concurrency::details::ContextEventIdentityOpenQueueWork
                                                                                                                      • String ID: ClosingEvent
                                                                                                                      • API String ID: 1950679488-2998232585
                                                                                                                      • Opcode ID: dbda21461ffcce614ec26ac1a45fdb256464da3608521eb6e0d64f32b76eb8ca
                                                                                                                      • Instruction ID: b09cce354bb4669d1748b6317b3fc88c2bfd88e4d9ce6cf5727b7c76ed6df7fa
                                                                                                                      • Opcode Fuzzy Hash: dbda21461ffcce614ec26ac1a45fdb256464da3608521eb6e0d64f32b76eb8ca
                                                                                                                      • Instruction Fuzzy Hash: 1C22F770D01259DBDB14EBA8CD56BDDBBB2AF5A300F4495DDE0496B342DB302A84CFA1
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task
                                                                                                                      • String ID: @
                                                                                                                      • API String ID: 1384045349-2766056989
                                                                                                                      • Opcode ID: a60168715cf1746c17116756f024f68e527437cbe94c4cc75f722d85110fd3a7
                                                                                                                      • Instruction ID: 9cc305936ea93aee4155ff6f5ec869fa5f2763383cbfd939cc065af03530f2ef
                                                                                                                      • Opcode Fuzzy Hash: a60168715cf1746c17116756f024f68e527437cbe94c4cc75f722d85110fd3a7
                                                                                                                      • Instruction Fuzzy Hash: 45E119B19001499FCB04DF98DA91AEEB7F5EF49304F14915AF519BB352DB34AE02CBA0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00E98C30: _DebugHeapAllocator.LIBCPMTD ref: 00E98C65
                                                                                                                      • _Smanip.LIBCPMTD ref: 00E944F1
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorBase::Concurrency::details::ContextDebugHeapIdentityQueueSmanipWork
                                                                                                                      • String ID: $@
                                                                                                                      • API String ID: 2791413155-1077428164
                                                                                                                      • Opcode ID: 1f8614a768cb47c8e5f8e0d05f6ee4cd70d0f89462c3f5fef53d54fe40545c47
                                                                                                                      • Instruction ID: 846ccf89382508810d654b00ad9bc93c2adb66c1ff6990b6c10bce454aa4fdf9
                                                                                                                      • Opcode Fuzzy Hash: 1f8614a768cb47c8e5f8e0d05f6ee4cd70d0f89462c3f5fef53d54fe40545c47
                                                                                                                      • Instruction Fuzzy Hash: 1DD13A71D01258DBDB14EBA8C956BDDBBB5AF1A300F1481DDE1497B242DB702B48CFA2
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00E98C30: _DebugHeapAllocator.LIBCPMTD ref: 00E98C65
                                                                                                                      • _Smanip.LIBCPMTD ref: 00E92EA1
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorBase::Concurrency::details::ContextDebugHeapIdentityQueueSmanipWork
                                                                                                                      • String ID: $@
                                                                                                                      • API String ID: 2791413155-1077428164
                                                                                                                      • Opcode ID: 65e3691699481bbf31e657c2280d376fda1598ce9317cc2ef2fe777ead392708
                                                                                                                      • Instruction ID: 0dd5be556ad1949ab4e5cf242d9a20bbb2d92cae129b55a6196dbc4f5f666fae
                                                                                                                      • Opcode Fuzzy Hash: 65e3691699481bbf31e657c2280d376fda1598ce9317cc2ef2fe777ead392708
                                                                                                                      • Instruction Fuzzy Hash: 15D14C71D01258DBDB14EBA8C945BDDBBB5AF1A300F5481DEE1497B242DB702B48CFA2
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00E98640: _DebugHeapAllocator.LIBCPMTD ref: 00E9865F
                                                                                                                      • _Smanip.LIBCPMTD ref: 00E94CFE
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorBase::Concurrency::details::ContextDebugHeapIdentityQueueSmanipWork
                                                                                                                      • String ID: $@
                                                                                                                      • API String ID: 2791413155-1077428164
                                                                                                                      • Opcode ID: 905a34f282e796bd6dbf64c6bed377d03b7f63ac62dab7f8d00488b1d01ff870
                                                                                                                      • Instruction ID: 83d8bd80338c80393428ba5f873f74379126bacf58c3e406db7a2b836d25dda7
                                                                                                                      • Opcode Fuzzy Hash: 905a34f282e796bd6dbf64c6bed377d03b7f63ac62dab7f8d00488b1d01ff870
                                                                                                                      • Instruction Fuzzy Hash: 69C12A70C00258DBDF14EBA8C955BDDBBB4AF1A300F54919DE1497B282EB701B48CFA2
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __aulldiv
                                                                                                                      • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                      • API String ID: 3732870572-1956417402
                                                                                                                      • Opcode ID: 7de1223b32731baad09bd33bf0c0fc2dcb7b7c957c6e35fa26e97893541df21a
                                                                                                                      • Instruction ID: 9d8adbb1ec6b8a92930865334b72678f54ba5178c8ee32871d2de7d45ddd043c
                                                                                                                      • Opcode Fuzzy Hash: 7de1223b32731baad09bd33bf0c0fc2dcb7b7c957c6e35fa26e97893541df21a
                                                                                                                      • Instruction Fuzzy Hash: 91515931E0064D5FDF258FAD88807BEBBB9AF463A0F14455AD690EB360CB709943AB50
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00ECAFA0: _Min_value.LIBCPMTD ref: 00ECAFCD
                                                                                                                      • allocator.LIBCONCRTD ref: 00EE4574
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Min_valueallocator
                                                                                                                      • String ID: c?$c?
                                                                                                                      • API String ID: 2162267568-241595552
                                                                                                                      • Opcode ID: 45877d461a6fb8c88ead500df0671ae42d070ffd1a7d812abc56e53e3610e98d
                                                                                                                      • Instruction ID: dd47faca75018d7a3788b3a43527559f4230f6b468d1c7a6c3bbff45dcfeb119
                                                                                                                      • Opcode Fuzzy Hash: 45877d461a6fb8c88ead500df0671ae42d070ffd1a7d812abc56e53e3610e98d
                                                                                                                      • Instruction Fuzzy Hash: F451D2B1E00109AFDB18DF99D9919EEB7F5FF88314F208229E519B7354E730A901CBA1
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00ECAFA0: _Min_value.LIBCPMTD ref: 00ECAFCD
                                                                                                                      • allocator.LIBCONCRTD ref: 00EE4954
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Min_valueallocator
                                                                                                                      • String ID: C@$C@
                                                                                                                      • API String ID: 2162267568-2099624620
                                                                                                                      • Opcode ID: 312e291583d7e95933e4a22ad5a5d45e1aa68f776b91d8b251889b90eb7d7750
                                                                                                                      • Instruction ID: 34e511f24927fc34652b9e6ccf092893ed893a298dd6b15840f8d417c8d9006d
                                                                                                                      • Opcode Fuzzy Hash: 312e291583d7e95933e4a22ad5a5d45e1aa68f776b91d8b251889b90eb7d7750
                                                                                                                      • Instruction Fuzzy Hash: EB51D3B5E00109AFDB08DF99D9919EEB7F5FF88314F208269E519B7351E730A901CBA1
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00ECAFA0: _Min_value.LIBCPMTD ref: 00ECAFCD
                                                                                                                      • allocator.LIBCONCRTD ref: 00EE4D34
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Min_valueallocator
                                                                                                                      • String ID: #A$#A
                                                                                                                      • API String ID: 2162267568-3820836738
                                                                                                                      • Opcode ID: 46cdb8f776b3dd3b19f64526c7db013a1bdf8611c6cae5db9910f5853d7cde01
                                                                                                                      • Instruction ID: a0563baa97afb893448d6ebea47d5e21584dc5d42d1379a2ddbbb5f9ea1b95d2
                                                                                                                      • Opcode Fuzzy Hash: 46cdb8f776b3dd3b19f64526c7db013a1bdf8611c6cae5db9910f5853d7cde01
                                                                                                                      • Instruction Fuzzy Hash: FA51C1B1E00109AFDB08DF99D9919EEB7F5FF88314F208229E519B7354E730A901CBA1
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EDBD60: task.LIBCPMTD ref: 00EDBDFD
                                                                                                                      • task.LIBCPMTD ref: 00EB21B2
                                                                                                                        • Part of subcall function 00EA4790: _DebugHeapAllocator.LIBCPMTD ref: 00EA47C6
                                                                                                                        • Part of subcall function 00EA4790: _DebugHeapAllocator.LIBCPMTD ref: 00EA47E2
                                                                                                                        • Part of subcall function 00EA4790: _DebugHeapAllocator.LIBCPMTD ref: 00EA47FB
                                                                                                                        • Part of subcall function 00EA4790: _DebugHeapAllocator.LIBCPMTD ref: 00EA481F
                                                                                                                        • Part of subcall function 00EA4790: _DebugHeapAllocator.LIBCPMTD ref: 00EA4838
                                                                                                                      • shared_ptr.LIBCMTD ref: 00EB21F3
                                                                                                                        • Part of subcall function 00EBE800: std::_Throw_Cpp_error.LIBCPMT ref: 00EBE81A
                                                                                                                        • Part of subcall function 00EBE800: std::_Throw_Cpp_error.LIBCPMT ref: 00EBE837
                                                                                                                        • Part of subcall function 00EA91B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 00EA91BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap$Cpp_errorThrow_std::_task$Base::Concurrency::details::ContextIdentityQueueWorkshared_ptr
                                                                                                                      • String ID: %ws\download\%ws
                                                                                                                      • API String ID: 3305665215-847097582
                                                                                                                      • Opcode ID: e68448b84efef0a5929c14e2a365c9f501a32371317e36d9eb792527a74301a1
                                                                                                                      • Instruction ID: a1311cecd1caf9fa92dd804f902209fda7c6479139789ca64e77343c64dddc5f
                                                                                                                      • Opcode Fuzzy Hash: e68448b84efef0a5929c14e2a365c9f501a32371317e36d9eb792527a74301a1
                                                                                                                      • Instruction Fuzzy Hash: BF413A71C0124DEFCB05DF94C991AEEBBB4AF69300F14815DE5157B292EB346B08CBA2
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EBDCB0: task.LIBCPMTD ref: 00EBDD22
                                                                                                                        • Part of subcall function 00EBDCB0: task.LIBCPMTD ref: 00EBDD2E
                                                                                                                        • Part of subcall function 00EBDCB0: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 00EBDD43
                                                                                                                        • Part of subcall function 00EBDCB0: task.LIBCPMTD ref: 00EBDD5B
                                                                                                                        • Part of subcall function 0100A65E: RaiseException.KERNEL32(E06D7363,00000001,00000003,00EBB11C,?,?,?,?,00EBB11C,?,01063DA4,?,?,00E9D9BF), ref: 0100A6BE
                                                                                                                      • task.LIBCPMTD ref: 00ECC1D1
                                                                                                                      • task.LIBCPMTD ref: 00ECC1E0
                                                                                                                      Strings
                                                                                                                      • cannot use push_back() with , xrefs: 00ECC189
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorExceptionRaise
                                                                                                                      • String ID: cannot use push_back() with
                                                                                                                      • API String ID: 2403370058-4122110429
                                                                                                                      • Opcode ID: ee7bbd9ce619d05076bf45b02544048fd99680032bb2ef71b694b51857fb5ff9
                                                                                                                      • Instruction ID: 65dcc2b89385628c6408d76cc67d02d0cfd4f9fa030c83aff33e24c5fe1f2049
                                                                                                                      • Opcode Fuzzy Hash: ee7bbd9ce619d05076bf45b02544048fd99680032bb2ef71b694b51857fb5ff9
                                                                                                                      • Instruction Fuzzy Hash: E1311DB5D002099BCB04DFA5D992BEEF7B4BF48300F10956DE415BB282DB35AE05CBA0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00EBDCB0: task.LIBCPMTD ref: 00EBDD22
                                                                                                                        • Part of subcall function 00EBDCB0: task.LIBCPMTD ref: 00EBDD2E
                                                                                                                        • Part of subcall function 00EBDCB0: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 00EBDD43
                                                                                                                        • Part of subcall function 00EBDCB0: task.LIBCPMTD ref: 00EBDD5B
                                                                                                                        • Part of subcall function 0100A65E: RaiseException.KERNEL32(E06D7363,00000001,00000003,00EBB11C,?,?,?,?,00EBB11C,?,01063DA4,?,?,00E9D9BF), ref: 0100A6BE
                                                                                                                      • task.LIBCPMTD ref: 00FE6A5C
                                                                                                                      • task.LIBCPMTD ref: 00FE6A6B
                                                                                                                      Strings
                                                                                                                      • cannot use operator[] with a string argument with , xrefs: 00FE6A14
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorExceptionRaise
                                                                                                                      • String ID: cannot use operator[] with a string argument with
                                                                                                                      • API String ID: 2403370058-2766135566
                                                                                                                      • Opcode ID: aa2c4c9b6a15ec13425598739dc0542a37e024d14bf34399ad4ff731d2131eae
                                                                                                                      • Instruction ID: 1720aa5bbee4d7c5fb4330e13285cadf7cd6d7ec7d2fc3881957d23f2fa75c0a
                                                                                                                      • Opcode Fuzzy Hash: aa2c4c9b6a15ec13425598739dc0542a37e024d14bf34399ad4ff731d2131eae
                                                                                                                      • Instruction Fuzzy Hash: 67312BB1D00259DFCB04EFA4D992AEEB7B4BF58300F10456DE455BB282DB35AA05CBA1
                                                                                                                      APIs
                                                                                                                      • allocator.LIBCONCRTD ref: 00EBA92C
                                                                                                                        • Part of subcall function 00EBBE70: _Allocate.LIBCONCRTD ref: 00EBBE84
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Allocateallocator
                                                                                                                      • String ID: *$*
                                                                                                                      • API String ID: 40054573-2168795450
                                                                                                                      • Opcode ID: af613e83d9a01df793ec9f345d45dd388d4d5217aaf4023ef7b63f5bd988f206
                                                                                                                      • Instruction ID: a7a684cafe02cfbe5363633be46296720c53525ddac5e8c52c5a5b249ba558f9
                                                                                                                      • Opcode Fuzzy Hash: af613e83d9a01df793ec9f345d45dd388d4d5217aaf4023ef7b63f5bd988f206
                                                                                                                      • Instruction Fuzzy Hash: D321D4B5E042099FCB04DF99D981AEEFBF9EB8D310F208269E515B7390D7356901CBA1
                                                                                                                      APIs
                                                                                                                      • std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00EF443C
                                                                                                                      • task.LIBCPMTD ref: 00EF44AD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Mutex_baseMutex_base::~_std::_task
                                                                                                                      • String ID: cannot get value
                                                                                                                      • API String ID: 2651519110-2333289761
                                                                                                                      • Opcode ID: 88d61130293de35c502938d569ef61d8adfeadb5908160bf607918c7c571a754
                                                                                                                      • Instruction ID: edab46624a8be886406bfe27f1d14a15255f284fe05591aa28ca54fd2a9a3556
                                                                                                                      • Opcode Fuzzy Hash: 88d61130293de35c502938d569ef61d8adfeadb5908160bf607918c7c571a754
                                                                                                                      • Instruction Fuzzy Hash: C411DFB0D042499BDB14DBA8C852BFEB7B4BF45304F105548E2627B3D2CB386904C761
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00FF42F3: __Xtime_get_ticks.LIBCPMT ref: 00FF42F9
                                                                                                                        • Part of subcall function 00FF42F3: __aulldiv.LIBCMT ref: 00FF430B
                                                                                                                        • Part of subcall function 00FF42F3: __aullrem.LIBCMT ref: 00FF4321
                                                                                                                      • __Xtime_diff_to_millis2.LIBCPMT ref: 00FF4428
                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,00EA4145,?), ref: 00FF4430
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: SleepXtime_diff_to_millis2Xtime_get_ticks__aulldiv__aullrem
                                                                                                                      • String ID: EA
                                                                                                                      • API String ID: 1548275046-27981223
                                                                                                                      • Opcode ID: 03d2f5493384e894c1a2eb136e51da58b1cb15247b64054fe60d9711b814fb5d
                                                                                                                      • Instruction ID: a580cf2056eb24f4731ab3c98718a1e0cb871fea2254564a9fb29a49018f0a2c
                                                                                                                      • Opcode Fuzzy Hash: 03d2f5493384e894c1a2eb136e51da58b1cb15247b64054fe60d9711b814fb5d
                                                                                                                      • Instruction Fuzzy Hash: 64012C31D0420E9BCF14EBA4D9819BFB3B8EF44710B60045AE551B7494DA74BE449BA1
                                                                                                                      APIs
                                                                                                                      • std::bad_exception::bad_exception.LIBCMTD ref: 00ED6235
                                                                                                                        • Part of subcall function 00ED6670: Concurrency::details::GlobalCore::TopologyObject::TopologyObject.LIBCMTD ref: 00ED667E
                                                                                                                        • Part of subcall function 00EA80C0: std::_Lockit::_Lockit.LIBCPMT ref: 00EA80E9
                                                                                                                        • Part of subcall function 00EA80C0: _Yarn.LIBCPMTD ref: 00EA80FB
                                                                                                                        • Part of subcall function 00EA80C0: _Yarn.LIBCPMTD ref: 00EA810A
                                                                                                                        • Part of subcall function 00EA80C0: _Yarn.LIBCPMTD ref: 00EA8119
                                                                                                                        • Part of subcall function 00EA80C0: _Yarn.LIBCPMTD ref: 00EA8128
                                                                                                                        • Part of subcall function 00EA80C0: _Yarn.LIBCPMTD ref: 00EA8137
                                                                                                                        • Part of subcall function 00EA80C0: _Yarn.LIBCPMTD ref: 00EA8146
                                                                                                                        • Part of subcall function 00EA80C0: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00EA815D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Yarn$Topologystd::_$Concurrency::details::Core::GlobalLocinfo::_Locinfo_ctorLockitLockit::_ObjectObject::std::bad_exception::bad_exception
                                                                                                                      • String ID: -f$-f
                                                                                                                      • API String ID: 1218696879-2661240267
                                                                                                                      • Opcode ID: 6e9ee722099c37aeaacf9d47029506f815f4b9298be1c6b59b556342956faacc
                                                                                                                      • Instruction ID: 81117e3eea880922cce042bef0f837c3b7227ff3826b63fcc842a6e8f33c2f19
                                                                                                                      • Opcode Fuzzy Hash: 6e9ee722099c37aeaacf9d47029506f815f4b9298be1c6b59b556342956faacc
                                                                                                                      • Instruction Fuzzy Hash: 26014BB1904248EBCB04DF98CE51BAEBBB4FB45710F104669E4616B791DB742A05CB91
                                                                                                                      APIs
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00EA4D39
                                                                                                                        • Part of subcall function 00EAB010: _DebugHeapAllocator.LIBCPMTD ref: 00EAB01E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeap
                                                                                                                      • String ID: F4$F4
                                                                                                                      • API String ID: 571936431-3748498359
                                                                                                                      • Opcode ID: ef274fbd8809fa2d1061b47c2f35efdff779acb5fc9e879da4199310d25ac110
                                                                                                                      • Instruction ID: 122e4c666dd08b669ca4d267612555be49f593b49180f81fbbbceaf0b25a4bd8
                                                                                                                      • Opcode Fuzzy Hash: ef274fbd8809fa2d1061b47c2f35efdff779acb5fc9e879da4199310d25ac110
                                                                                                                      • Instruction Fuzzy Hash: 91F012B5904659EBCB14DF88DC51BAFB7B9FB89720F008619F425AB7C0CB346900CB90
                                                                                                                      APIs
                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(010915F8,?,?,?,00EB3758,01087B38,?,00EB366D,00000000,01034060,000000FF,?,00EA4B91,010879C8,00000000,0103470D), ref: 01008DAF
                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(010915F8,?,?,?,00EB3758,01087B38,?,00EB366D,00000000,01034060,000000FF,?,00EA4B91,010879C8,00000000,0103470D), ref: 01008DE9
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000010.00000002.2591205206.0000000000E91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                      • Associated: 00000010.00000002.2591075658.0000000000E90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592293339.0000000001040000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592576004.0000000001070000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2592803521.0000000001071000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593246078.0000000001083000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593568098.0000000001085000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001087000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2593843381.0000000001090000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                      • Associated: 00000010.00000002.2594467014.0000000001093000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_16_2_e90000_PcAppStore.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                                                      • String ID: R
                                                                                                                      • API String ID: 17069307-3347607022
                                                                                                                      • Opcode ID: e648aaa2951389a7726caf54be88263116f2890d1230cf800a00b37fa8febf2e
                                                                                                                      • Instruction ID: 005e9bd1555b15628a23066bf6edaedb4a15b152a1f6803f2425f77bb9898d4c
                                                                                                                      • Opcode Fuzzy Hash: e648aaa2951389a7726caf54be88263116f2890d1230cf800a00b37fa8febf2e
                                                                                                                      • Instruction Fuzzy Hash: 05F0A038A00106DBE721BF18D444BA9BBA8FB95731F15832FEAEA473C4CB351842CB51