Edit tour

Windows Analysis Report
AX3-GUI-45.exe

Overview

General Information

Sample name:	AX3-GUI-45.exe
Analysis ID:	1513990
MD5:	ae4414edd46c7769589c35beeee7d0de
SHA1:	e0885269d15b87afb2b3b8e570c7c06fc28db7eb
SHA256:	00de5f7503d19911ff05e808f91cd24b6a1ac2394048fd83e7061d531cd66b11
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

.NET source code contains potential unpacker

Installs new ROOT certificates

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Sigma detected: Dot net compiler compiles file from suspicious location

Adds / modifies Windows certificates

Allocates memory with a write watch (potentially for evading sandboxes)

Compiles C# or VB.Net code

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to communicate with device drivers

Contains functionality to get notified if a device is plugged in / out

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the driver directory

Creates files inside the system directory

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops certificate files (DER)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64_ra

AX3-GUI-45.exe (PID: 1248 cmdline: "C:\Users\user\Desktop\AX3-GUI-45.exe" MD5: AE4414EDD46C7769589C35BEEEE7D0DE)

AX3-GUI-45.tmp (PID: 1140 cmdline: "C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp" /SL5="$3031E,5170833,869888,C:\Users\user\Desktop\AX3-GUI-45.exe" MD5: 48C6508A6FD96E62F8796701A0200C8F)

setup-ax3-driver.exe (PID: 4284 cmdline: "C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe" MD5: 0ABD9CF2D191036D778F6F1FBE25FAE1)

setup-ax3-driver.tmp (PID: 1792 cmdline: "C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp" /SL5="$303AC,681477,54272,C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe" MD5: 67C5A4F36E1C91A3B85E440EDD7AD026)

dpinst64.exe (PID: 3084 cmdline: "C:\Program Files\AX3-Driver\DPInst64.exe" /F /SA /SE /SW MD5: BE3C79033FA8302002D9D3A6752F2263)

OmGui.exe (PID: 1976 cmdline: "C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe" MD5: 12FEEE099449453BA386F8FBA6C72090)

csc.exe (PID: 3196 cmdline: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ynurxton.cmdline" MD5: 2B9482EB5D3AF71029277E18F6C656C0)

conhost.exe (PID: 6752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cvtres.exe (PID: 3800 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB0D8.tmp" "c:\Users\user\AppData\Local\Temp\CSCB0D7.tmp" MD5: E118330B4629B12368D91B9DF6488BE0)

drvinst.exe (PID: 3860 cmdline: DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{97b4af8b-f908-ec4d-ae1d-f2d0fe90d613}\mchp_msd_cdc.inf" "9" "4987fa53f" "0000000000000158" "WinSta0\Default" "0000000000000168" "208" "c:\program files\ax3-driver" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)

rundll32.exe (PID: 1108 cmdline: rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{7c625ec4-61d9-164e-840d-2046461dc20b} Global\{b92b5db1-df95-844c-847a-8711f98cae99} C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_msd_cdc.inf C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_MSD_CDC.cat MD5: EF3179D498793BF4234F708D3BE28633)

OmGui.exe (PID: 2988 cmdline: "C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe" MD5: 12FEEE099449453BA386F8FBA6C72090)

csc.exe (PID: 6864 cmdline: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\18uiblpb.cmdline" MD5: 2B9482EB5D3AF71029277E18F6C656C0)

conhost.exe (PID: 828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cvtres.exe (PID: 3880 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8733.tmp" "c:\Users\user\AppData\Local\Temp\CSC8732.tmp" MD5: E118330B4629B12368D91B9DF6488BE0)

cleanup

Sigma Signatures

Sigma detected: Dynamic CSharp Compile Artefact

Source: File created

Author: frack113: Data: EventID: 11, Image: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe, ProcessId: 1976, TargetFilename: C:\Users\user\AppData\Local\Temp\ynurxton.cmdline

Data Obfuscation

Sigma detected: Dot net compiler compiles file from suspicious location

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ynurxton.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ynurxton.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe, ParentCommandLine: "C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe", ParentImage: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe, ParentProcessId: 1976, ParentProcessName: OmGui.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ynurxton.cmdline", ProcessId: 3196, ProcessName: csc.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: AX3-GUI-45.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: unknown	HTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.18:64145 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.18:64151 version: TLS 1.0

Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Directory created: C:\Program Files\AX3-Driver	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Directory created: C:\Program Files\AX3-Driver\unins000.dat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Directory created: C:\Program Files\AX3-Driver\is-1AU9V.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Directory created: C:\Program Files\AX3-Driver\is-HV6IN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Directory created: C:\Program Files\AX3-Driver\is-J7GAN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Directory created: C:\Program Files\AX3-Driver\is-GKB03.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Directory created: C:\Program Files\AX3-Driver\is-IA9T3.tmp	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C12D7D33-3050-44D8-8ADA-8ADCFA9368A5}_is1

Jump to behavior

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: AX3-GUI-45.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Newcastle\Projects\openmovement-googlecode\trunk\Software\AX3\cwa-convert\c\Release\cwa-convert.pdb source: is-2V0T7.tmp.2.dr
Source:	Binary string: D:\Newcastle\Projects\openmovement\Software\OM\omgui\obj\x86\Release\OmGui.pdb source: OmGui.exe, 00000011.00000000.1819849505.0000000000499000.00000002.00000001.01000000.0000000F.sdmp, is-RR9DL.tmp.2.dr
Source:	Binary string: C:\Newcastle\Projects\openmovement-googlecode\trunk\Software\AX3\cwa-convert\c\Release\cwa-convert.pdb source: is-2V0T7.tmp.2.dr
Source:	Binary string: C:\Newcastle\Projects\Embedded\Bootloader.svn\Software\Booter\Release\booter.pdb source: is-JQO0H.tmp.2.dr
Source:	Binary string: C:\Newcastle\Projects\omconvert\src\omconvert\Release\omconvert.pdb source: is-J23G1.tmp.2.dr
Source:	Binary string: D:\Newcastle\Projects\openmovement\Software\OM\Release\libomapi.pdb source: OmGui.exe, 00000011.00000002.2435380627.000000006D787000.00000002.00000001.01000000.00000015.sdmp, OmGui.exe, 0000001B.00000002.2644204260.000000006D65E000.00000002.00000001.01000000.00000015.sdmp, is-KHHI7.tmp.2.dr
Source:	Binary string: DpInst.pdbH source: dpinst64.exe, 0000000C.00000000.1607970434.00007FF7C4D71000.00000020.00000001.01000000.0000000D.sdmp, is-IA9T3.tmp.11.dr
Source:	Binary string: D:\Newcastle\Projects\openmovement\Software\OM\omapinet\obj\x86\Release\OmApiNet.pdbD source: OmGui.exe, 00000011.00000002.2431407017.0000000006822000.00000002.00000001.01000000.00000014.sdmp, is-6J897.tmp.2.dr
Source:	Binary string: D:\Newcastle\Projects\openmovement\Software\OM\omapinet\obj\x86\Release\OmApiNet.pdb source: OmGui.exe, OmGui.exe, 00000011.00000002.2431407017.0000000006822000.00000002.00000001.01000000.00000014.sdmp, is-6J897.tmp.2.dr
Source:	Binary string: C:\Newcastle\Projects\openmovement\Software\AX3\cwa-convert\c\Release\cwa-convert.pdb source: is-A0K9N.tmp.2.dr
Source:	Binary string: l/.C:\Users\user\AppData\Local\Temp\18uiblpb.pdb source: OmGui.exe, 0000001B.00000002.2627071414.0000000003135000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ISADMINLOGGEDONRelease\isunzlib.pdb source: AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\zlib-dll\Release\isunzlib.pdb source: AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, setup-ax3-driver.tmp, 0000000B.00000003.1816052530.0000000000547000.00000004.00000020.00020000.00000000.sdmp, setup-ax3-driver.tmp, 0000000B.00000003.1570685179.0000000003280000.00000004.00001000.00020000.00000000.sdmp, setup-ax3-driver.tmp, 0000000B.00000003.1570614557.0000000002270000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr, _isdecmp.dll.11.dr
Source:	Binary string: DpInst.pdb source: dpinst64.exe, 0000000C.00000000.1607970434.00007FF7C4D71000.00000020.00000001.01000000.0000000D.sdmp, is-GKB03.tmp.11.dr, is-IA9T3.tmp.11.dr
Source:	Binary string: DpInst.pdbp source: is-GKB03.tmp.11.dr

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Code function: 17_2_6D763C20 SetWindowLongW,GetWindowLongW,DefWindowProcW,PostQuitMessage,RegisterDeviceNotificationW,MessageBoxA,UnregisterDeviceNotification,KiUserCallbackDispatcher,DefWindowProcW,

17_2_6D763C20

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_6D77EEDE FindFirstFileExA,		17_2_6D77EEDE
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_6D64EEDE FindFirstFileExA,		27_2_6D64EEDE

Source: global traffic	HTTP traffic detected: GET /digitalinteraction/openmovement/master/Downloads/AX3/omgui.ini HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /digitalinteraction/openmovement/master/Downloads/AX3/omgui.ini HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive

Source: Joe Sandbox View

IP Address: 185.199.109.133 185.199.109.133

Source: Joe Sandbox View

JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Source: unknown	HTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.18:64145 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.18:64151 version: TLS 1.0

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Code function: 17_2_00A3A09A recv,

17_2_00A3A09A

Source: global traffic	HTTP traffic detected: GET /digitalinteraction/openmovement/master/Downloads/AX3/omgui.ini HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /digitalinteraction/openmovement/master/Downloads/AX3/omgui.ini HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive

Source: global traffic

DNS traffic detected: DNS query: raw.githubusercontent.com

Source: AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	String found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
Source: AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: rundll32.exe, 0000000F.00000002.1717433275.0000024CF3289000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ve.
Source: rundll32.exe, 0000000F.00000002.1717433275.0000024CF3289000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.verisign.c
Source: AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	String found in binary or memory: http://cscasha2.ocsp-certum.com04
Source: drvinst.exe, 0000000E.00000003.1675616173.000001CEFFD82000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000002.1774878943.000001CEFFD88000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000003.1715493397.0000024CF3082000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: drvinst.exe, 0000000E.00000002.1774878943.000001CEFFD26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: rundll32.exe, 0000000F.00000002.1716834225.0000024CF3019000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab~L
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.usertru
Source: is-4Q7OL.tmp.2.dr	String found in binary or memory: http://phrogz.net/JS/_ReuseLicense.txt
Source: AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.certum.pl/cscasha
Source: AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	String found in binary or memory: http://repository.certum.pl/cscasha2.cer0
Source: AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: OmGui.exe, 00000011.00000002.2417994733.0000000002C21000.00000004.00000800.00020000.00000000.sdmp, OmGui.exe, 0000001B.00000002.2627071414.00000000030FB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: OmGui.exe, 00000011.00000002.2417994733.0000000002C21000.00000004.00000800.00020000.00000000.sdmp, OmGui.exe, 0000001B.00000002.2627071414.0000000003158000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	String found in binary or memory: http://subca.ocsp-certum.com01
Source: AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.00000000035D0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823385647.0000000003884000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823790897.0000000002504000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.2.dr	String found in binary or memory: http://tinyurl.com/dotnet35setup
Source: is-HGDEP.tmp.2.dr	String found in binary or memory: http://twitter.github.com/bootstrap/javascript.html#affix
Source: is-HGDEP.tmp.2.dr	String found in binary or memory: http://twitter.github.com/bootstrap/javascript.html#alerts
Source: is-HGDEP.tmp.2.dr	String found in binary or memory: http://twitter.github.com/bootstrap/javascript.html#buttons
Source: is-HGDEP.tmp.2.dr	String found in binary or memory: http://twitter.github.com/bootstrap/javascript.html#carousel
Source: is-HGDEP.tmp.2.dr	String found in binary or memory: http://twitter.github.com/bootstrap/javascript.html#collapse
Source: is-HGDEP.tmp.2.dr	String found in binary or memory: http://twitter.github.com/bootstrap/javascript.html#dropdowns
Source: is-HGDEP.tmp.2.dr	String found in binary or memory: http://twitter.github.com/bootstrap/javascript.html#modals
Source: is-HGDEP.tmp.2.dr	String found in binary or memory: http://twitter.github.com/bootstrap/javascript.html#popovers
Source: is-HGDEP.tmp.2.dr	String found in binary or memory: http://twitter.github.com/bootstrap/javascript.html#scrollspy
Source: is-HGDEP.tmp.2.dr	String found in binary or memory: http://twitter.github.com/bootstrap/javascript.html#tabs
Source: is-HGDEP.tmp.2.dr	String found in binary or memory: http://twitter.github.com/bootstrap/javascript.html#tooltips
Source: is-HGDEP.tmp.2.dr	String found in binary or memory: http://twitter.github.com/bootstrap/javascript.html#transitions
Source: is-HGDEP.tmp.2.dr	String found in binary or memory: http://twitter.github.com/bootstrap/javascript.html#typeahead
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp, is-HGDEP.tmp.2.dr, is-QFTPQ.tmp.2.dr, is-EL75V.tmp.2.dr, is-OE01K.tmp.2.dr, is-9Q84H.tmp.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: is-BUMKQ.tmp.2.dr, is-J0MH5.tmp.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.txt
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	String found in binary or memory: http://www.certum.pl/CPS0
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp, OmGui.exe, 00000011.00000002.2426637226.00000000050C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: setup-ax3-driver.exe, 0000000A.00000003.1568817712.00000000021F8000.00000004.00001000.00020000.00000000.sdmp, setup-ax3-driver.exe, 0000000A.00000003.1568332014.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, setup-ax3-driver.tmp, 0000000B.00000000.1569562841.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, is-1AU9V.tmp.11.dr, setup-ax3-driver.tmp.10.dr	String found in binary or memory: http://www.innosetup.com/
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: is-HGDEP.tmp.2.dr	String found in binary or memory: http://www.modernizr.com/)
Source: AX3-GUI-45.exe, 00000000.00000003.1829505076.0000000002481000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000025F1000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.openmovement.co.uk
Source: AX3-GUI-45.exe, 00000000.00000003.1372630436.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.00000000035D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.openmovement.co.uk:http://www.openmovement.co.uk:http://www.openmovement.co.uk
Source: AX3-GUI-45.exe, 00000000.00000003.1829505076.0000000002481000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.openmovement.co.ukA
Source: AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000025F1000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.openmovement.co.ukQ
Source: setup-ax3-driver.exe, 0000000A.00000003.1568817712.00000000021F8000.00000004.00001000.00020000.00000000.sdmp, setup-ax3-driver.exe, 0000000A.00000003.1568332014.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, setup-ax3-driver.tmp, 0000000B.00000000.1569562841.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, is-1AU9V.tmp.11.dr, setup-ax3-driver.tmp.10.dr	String found in binary or memory: http://www.remobjects.com/ps
Source: setup-ax3-driver.exe, 0000000A.00000003.1568817712.00000000021F8000.00000004.00001000.00020000.00000000.sdmp, setup-ax3-driver.exe, 0000000A.00000003.1568332014.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, setup-ax3-driver.tmp, 0000000B.00000000.1569562841.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, is-1AU9V.tmp.11.dr, setup-ax3-driver.tmp.10.dr	String found in binary or memory: http://www.remobjects.com/psU
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: OmGui.exe, 0000001B.00000002.2627071414.000000000324A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/digitalinteraction/openmovement/releases/download/AX3-OmGui-v28/AX3-GUI-28.zip
Source: AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	String found in binary or memory: https://jrsoftware.org/
Source: AX3-GUI-45.exe	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	String found in binary or memory: https://jrsoftware.org0
Source: OmGui.exe, 0000001B.00000002.2627071414.000000000324A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://openmovement.googlecode.com/svn/downloads/AX3/omgui.ini
Source: OmGui.exe, 00000011.00000002.2417994733.0000000002C21000.00000004.00000800.00020000.00000000.sdmp, OmGui.exe, 0000001B.00000002.2627071414.0000000003158000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://raw.githubusercontent.com
Source: OmGui.exe, 0000001B.00000002.2627071414.000000000324A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://raw.githubusercontent.com/digitalinteraction/openmovement/master/Downloads/AX3/AX3-GUI-28.zi
Source: OmGui.exe, 0000001B.00000002.2627071414.0000000003158000.00000004.00000800.00020000.00000000.sdmp, OmGui.exe, 0000001B.00000002.2627071414.0000000003202000.00000004.00000800.00020000.00000000.sdmp, is-RR9DL.tmp.2.dr	String found in binary or memory: https://raw.githubusercontent.com/digitalinteraction/openmovement/master/Downloads/AX3/omgui.ini
Source: OmGui.exe, 00000011.00000000.1819849505.0000000000322000.00000002.00000001.01000000.0000000F.sdmp, is-RR9DL.tmp.2.dr	String found in binary or memory: https://raw.githubusercontent.com/digitalinteraction/openmovement/master/Downloads/AX3/omgui.ini3UPD
Source: AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS05
Source: AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	String found in binary or memory: https://sectigo.com/CPS0D
Source: AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	String found in binary or memory: https://www.certum.pl/CPS0
Source: AX3-GUI-45.exe, 00000000.00000003.1373824700.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.exe, 00000000.00000003.1374217105.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000000.1375883744.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-OG2TD.tmp.2.dr	String found in binary or memory: https://www.innosetup.com/
Source: AX3-GUI-45.exe, 00000000.00000003.1373824700.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.exe, 00000000.00000003.1374217105.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000000.1375883744.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-OG2TD.tmp.2.dr	String found in binary or memory: https://www.remobjects.com/ps

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64151
Source: unknown	Network traffic detected: HTTP traffic on port 64151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64145

Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	File created: C:\Program Files\AX3-Driver\is-J7GAN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	File created: C:\Program Files\AX3-Driver\mchp_msd_cdc.cat (copy)	Jump to dropped file
Source: C:\Program Files\AX3-Driver\dpinst64.exe	File created: C:\Users\user\AppData\Local\Temp\{97b4af8b-f908-ec4d-ae1d-f2d0fe90d613}\mchp_MSD_CDC.cat (copy)	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_MSD_CDC.cat (copy)	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\SET4972.tmp	Jump to dropped file
Source: C:\Program Files\AX3-Driver\dpinst64.exe	File created: C:\Users\user\AppData\Local\Temp\{97b4af8b-f908-ec4d-ae1d-f2d0fe90d613}\SET4099.tmp	Jump to dropped file

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Code function: 27_2_6D633C20 SetWindowLongW,GetWindowLongW,NtdllDefWindowProc_W,PostQuitMessage,RegisterDeviceNotificationW,MessageBoxA,UnregisterDeviceNotification,DestroyWindow,NtdllDefWindowProc_W,

27_2_6D633C20

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Code function: 17_2_6D762440: InterlockedDecrement,SysFreeString,VariantClear,__cftoe,VariantClear,__cftoe,CreateFileW,DeviceIoControl,CloseHandle,VariantClear,

17_2_6D762440

Source: C:\Windows\System32\drvinst.exe

File created: C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}

Jump to behavior

Source: C:\Program Files\AX3-Driver\dpinst64.exe	File created: C:\Windows\DPINST.LOG	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\FileRepository\mchp_msd_cdc.inf_amd64_4a6fccf2a250c2d5	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\drvstore.tmp	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\inf\oem4.inf	Jump to behavior

Source: C:\Windows\System32\drvinst.exe

File deleted: C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\SET4972.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Code function: 11_3_0229360F	11_3_0229360F
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Code function: 11_3_0229360F	11_3_0229360F
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Code function: 11_3_0229360F	11_3_0229360F
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Code function: 11_3_02293663	11_3_02293663
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_6D76B570	17_2_6D76B570
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_6D773D53	17_2_6D773D53
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_6D78542B	17_2_6D78542B
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_6D76AF60	17_2_6D76AF60
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_6D7816FE	17_2_6D7816FE
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_6D76C010	17_2_6D76C010
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_6D773B24	17_2_6D773B24
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_6D76DB80	17_2_6D76DB80
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_6D781250	17_2_6D781250
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_6D7862E0	17_2_6D7862E0
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_04DE1900	17_2_04DE1900
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_04DEA320	17_2_04DEA320
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_04DE18FB	17_2_04DE18FB
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_04DED970	17_2_04DED970
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_04DEA310	17_2_04DEA310
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07921D80	17_2_07921D80
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_0792E8DB	17_2_0792E8DB
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_079243F5	17_2_079243F5
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07928360	17_2_07928360
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07924291	17_2_07924291
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07F345C8	17_2_07F345C8
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07F378D8	17_2_07F378D8
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07F30070	17_2_07F30070
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07F345C3	17_2_07F345C3
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07F30070	17_2_07F30070
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07F30070	17_2_07F30070
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07F30070	17_2_07F30070
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07F38E87	17_2_07F38E87
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07F38E88	17_2_07F38E88
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07F3006F	17_2_07F3006F
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07F30070	17_2_07F30070
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_079239C8	17_2_079239C8
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_04DED980	17_2_04DED980
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_6D63B570	27_2_6D63B570
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_6D643D53	27_2_6D643D53
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_6D65542B	27_2_6D65542B
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_6D63AF60	27_2_6D63AF60
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_6D6516FE	27_2_6D6516FE
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_6D63C010	27_2_6D63C010
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_6D643B24	27_2_6D643B24
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_6D63DB80	27_2_6D63DB80
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_6D651250	27_2_6D651250
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_6D6562E0	27_2_6D6562E0
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_050E1900	27_2_050E1900
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_050EA320	27_2_050EA320
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_050EA310	27_2_050EA310
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_050ED970	27_2_050ED970
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_050E18B0	27_2_050E18B0
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_06AFE890	27_2_06AFE890
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_06AF1D80	27_2_06AF1D80
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_06AF4291	27_2_06AF4291
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_06AF43F5	27_2_06AF43F5
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_06AF8360	27_2_06AF8360
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_078845C8	27_2_078845C8
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_07887828	27_2_07887828
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_07880070	27_2_07880070
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_078845BA	27_2_078845BA
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_07888DC9	27_2_07888DC9
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_07880070	27_2_07880070
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_07888DD8	27_2_07888DD8
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_07880070	27_2_07880070
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_07880070	27_2_07880070
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_07880070	27_2_07880070
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_07880065	27_2_07880065
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_050ED980	27_2_050ED980
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_06AF39C8	27_2_06AF39C8

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: String function: 6D76A070 appears 73 times
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: String function: 6D63F2F0 appears 47 times
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: String function: 6D76F2F0 appears 47 times

Source: AX3-GUI-45.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-OG2TD.tmp.2.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-8ADIG.tmp.2.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: setup-ax3-driver.tmp.10.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: setup-ax3-driver.tmp.10.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: setup-ax3-driver.tmp.10.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: setup-ax3-driver.tmp.10.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-1AU9V.tmp.11.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-1AU9V.tmp.11.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-1AU9V.tmp.11.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-1AU9V.tmp.11.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped

Source: AX3-GUI-45.exe, 00000000.00000000.1372326673.00000000004DD000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs AX3-GUI-45.exe
Source: AX3-GUI-45.exe, 00000000.00000003.1374217105.000000007FE40000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs AX3-GUI-45.exe
Source: AX3-GUI-45.exe, 00000000.00000003.1373824700.00000000027D4000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs AX3-GUI-45.exe
Source: AX3-GUI-45.exe, 00000000.00000003.1829505076.0000000002438000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs AX3-GUI-45.exe
Source: AX3-GUI-45.exe	Binary or memory string: OriginalFileName vs AX3-GUI-45.exe

Source: AX3-GUI-45.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: is-RR9DL.tmp.2.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: _RegDLL.tmp.11.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal56.expl.evad.winEXE@25/229@1/1

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_064169EE AdjustTokenPrivileges,	17_2_064169EE
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_064169B7 AdjustTokenPrivileges,	17_2_064169B7
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_06B4692E AdjustTokenPrivileges,	27_2_06B4692E
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_06B468F7 AdjustTokenPrivileges,	27_2_06B468F7

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Code function: 17_2_6D761610 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoUninitialize,SysAllocString,InterlockedDecrement,SysFreeString,CoUninitialize,CoSetProxyBlanket,_com_issue_error,_com_issue_error,

17_2_6D761610

Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp

File created: C:\Program Files (x86)\Open Movement

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Program Files\AX3-Driver\dpinst64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\DPINST_LOG_SCROLLER_MUTEX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:828:120:WilError_03
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6752:120:WilError_03

Source: C:\Users\user\Desktop\AX3-GUI-45.exe

File created: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp

Jump to behavior

Source: C:\Users\user\Desktop\AX3-GUI-45.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\AX3-GUI-45.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp

File read: C:\Program Files (x86)\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\AX3-GUI-45.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: C:\Windows\System32\drvinst.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{7c625ec4-61d9-164e-840d-2046461dc20b} Global\{b92b5db1-df95-844c-847a-8711f98cae99} C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_msd_cdc.inf C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_MSD_CDC.cat

Source: is-A0K9N.tmp.2.dr, is-2V0T7.tmp.2.dr	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: is-A0K9N.tmp.2.dr, is-2V0T7.tmp.2.dr	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: is-A0K9N.tmp.2.dr, is-2V0T7.tmp.2.dr	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: is-A0K9N.tmp.2.dr, is-2V0T7.tmp.2.dr	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: is-A0K9N.tmp.2.dr, is-2V0T7.tmp.2.dr	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: is-A0K9N.tmp.2.dr, is-2V0T7.tmp.2.dr	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: is-A0K9N.tmp.2.dr, is-2V0T7.tmp.2.dr	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: AX3-GUI-45.exe

String found in binary or memory: /LOADINF="filename"

Source: C:\Users\user\Desktop\AX3-GUI-45.exe

File read: C:\Users\user\Desktop\AX3-GUI-45.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\AX3-GUI-45.exe "C:\Users\user\Desktop\AX3-GUI-45.exe"
Source: C:\Users\user\Desktop\AX3-GUI-45.exe	Process created: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp "C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp" /SL5="$3031E,5170833,869888,C:\Users\user\Desktop\AX3-GUI-45.exe"
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Process created: C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe "C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe"
Source: C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe	Process created: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp "C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp" /SL5="$303AC,681477,54272,C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe"
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Process created: C:\Program Files\AX3-Driver\dpinst64.exe "C:\Program Files\AX3-Driver\DPInst64.exe" /F /SA /SE /SW
Source: unknown	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{97b4af8b-f908-ec4d-ae1d-f2d0fe90d613}\mchp_msd_cdc.inf" "9" "4987fa53f" "0000000000000158" "WinSta0\Default" "0000000000000168" "208" "c:\program files\ax3-driver"
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{7c625ec4-61d9-164e-840d-2046461dc20b} Global\{b92b5db1-df95-844c-847a-8711f98cae99} C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_msd_cdc.inf C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_MSD_CDC.cat
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Process created: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe "C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe"
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ynurxton.cmdline"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB0D8.tmp" "c:\Users\user\AppData\Local\Temp\CSCB0D7.tmp"
Source: unknown	Process created: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe "C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe"
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\18uiblpb.cmdline"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8733.tmp" "c:\Users\user\AppData\Local\Temp\CSC8732.tmp"
Source: C:\Users\user\Desktop\AX3-GUI-45.exe	Process created: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp "C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp" /SL5="$3031E,5170833,869888,C:\Users\user\Desktop\AX3-GUI-45.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Process created: C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe "C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Process created: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe "C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe"	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe	Process created: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp "C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp" /SL5="$303AC,681477,54272,C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Process created: C:\Program Files\AX3-Driver\dpinst64.exe "C:\Program Files\AX3-Driver\DPInst64.exe" /F /SA /SE /SW	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{7c625ec4-61d9-164e-840d-2046461dc20b} Global\{b92b5db1-df95-844c-847a-8711f98cae99} C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_msd_cdc.inf C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_MSD_CDC.cat	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ynurxton.cmdline"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB0D8.tmp" "c:\Users\user\AppData\Local\Temp\CSCB0D7.tmp"
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\18uiblpb.cmdline"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8733.tmp" "c:\Users\user\AppData\Local\Temp\CSC8732.tmp"

Source: C:\Users\user\Desktop\AX3-GUI-45.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\AX3-GUI-45.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\AX3-GUI-45.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\AX3-GUI-45.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\AX3-GUI-45.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Program Files\AX3-Driver\dpinst64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\AX3-Driver\dpinst64.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Program Files\AX3-Driver\dpinst64.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Program Files\AX3-Driver\dpinst64.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Program Files\AX3-Driver\dpinst64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\AX3-Driver\dpinst64.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\AX3-Driver\dpinst64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\AX3-Driver\dpinst64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\AX3-Driver\dpinst64.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Program Files\AX3-Driver\dpinst64.exe	Section loaded: drvstore.dll	Jump to behavior
Source: C:\Program Files\AX3-Driver\dpinst64.exe	Section loaded: devrtl.dll	Jump to behavior
Source: C:\Program Files\AX3-Driver\dpinst64.exe	Section loaded: spinf.dll	Jump to behavior
Source: C:\Program Files\AX3-Driver\dpinst64.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Program Files\AX3-Driver\dpinst64.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\AX3-Driver\dpinst64.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: devrtl.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: drvstore.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: pnpui.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: security.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Section loaded: cscomp.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: dwrite.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: textshaping.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: shfolder.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: security.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Section loaded: cscomp.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe	Section loaded: cryptbase.dll

Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: OmGui.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\Open Movement\OM GUI\OmGui.exe
Source: Uninstall OmGui.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\Open Movement\OM GUI\unins000.exe
Source: OmGui.lnk0.2.dr	LNK file: ..\..\..\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp

Window found: window name: TMainForm

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Directory created: C:\Program Files\AX3-Driver	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Directory created: C:\Program Files\AX3-Driver\unins000.dat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Directory created: C:\Program Files\AX3-Driver\is-1AU9V.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Directory created: C:\Program Files\AX3-Driver\is-HV6IN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Directory created: C:\Program Files\AX3-Driver\is-J7GAN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Directory created: C:\Program Files\AX3-Driver\is-GKB03.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Directory created: C:\Program Files\AX3-Driver\is-IA9T3.tmp	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C12D7D33-3050-44D8-8ADA-8ADCFA9368A5}_is1

Jump to behavior

Source: AX3-GUI-45.exe

Static file information: File size 6029717 > 1048576

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: AX3-GUI-45.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Newcastle\Projects\openmovement-googlecode\trunk\Software\AX3\cwa-convert\c\Release\cwa-convert.pdb source: is-2V0T7.tmp.2.dr
Source:	Binary string: D:\Newcastle\Projects\openmovement\Software\OM\omgui\obj\x86\Release\OmGui.pdb source: OmGui.exe, 00000011.00000000.1819849505.0000000000499000.00000002.00000001.01000000.0000000F.sdmp, is-RR9DL.tmp.2.dr
Source:	Binary string: C:\Newcastle\Projects\openmovement-googlecode\trunk\Software\AX3\cwa-convert\c\Release\cwa-convert.pdb source: is-2V0T7.tmp.2.dr
Source:	Binary string: C:\Newcastle\Projects\Embedded\Bootloader.svn\Software\Booter\Release\booter.pdb source: is-JQO0H.tmp.2.dr
Source:	Binary string: C:\Newcastle\Projects\omconvert\src\omconvert\Release\omconvert.pdb source: is-J23G1.tmp.2.dr
Source:	Binary string: D:\Newcastle\Projects\openmovement\Software\OM\Release\libomapi.pdb source: OmGui.exe, 00000011.00000002.2435380627.000000006D787000.00000002.00000001.01000000.00000015.sdmp, OmGui.exe, 0000001B.00000002.2644204260.000000006D65E000.00000002.00000001.01000000.00000015.sdmp, is-KHHI7.tmp.2.dr
Source:	Binary string: DpInst.pdbH source: dpinst64.exe, 0000000C.00000000.1607970434.00007FF7C4D71000.00000020.00000001.01000000.0000000D.sdmp, is-IA9T3.tmp.11.dr
Source:	Binary string: D:\Newcastle\Projects\openmovement\Software\OM\omapinet\obj\x86\Release\OmApiNet.pdbD source: OmGui.exe, 00000011.00000002.2431407017.0000000006822000.00000002.00000001.01000000.00000014.sdmp, is-6J897.tmp.2.dr
Source:	Binary string: D:\Newcastle\Projects\openmovement\Software\OM\omapinet\obj\x86\Release\OmApiNet.pdb source: OmGui.exe, OmGui.exe, 00000011.00000002.2431407017.0000000006822000.00000002.00000001.01000000.00000014.sdmp, is-6J897.tmp.2.dr
Source:	Binary string: C:\Newcastle\Projects\openmovement\Software\AX3\cwa-convert\c\Release\cwa-convert.pdb source: is-A0K9N.tmp.2.dr
Source:	Binary string: l/.C:\Users\user\AppData\Local\Temp\18uiblpb.pdb source: OmGui.exe, 0000001B.00000002.2627071414.0000000003135000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ISADMINLOGGEDONRelease\isunzlib.pdb source: AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\zlib-dll\Release\isunzlib.pdb source: AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, setup-ax3-driver.tmp, 0000000B.00000003.1816052530.0000000000547000.00000004.00000020.00020000.00000000.sdmp, setup-ax3-driver.tmp, 0000000B.00000003.1570685179.0000000003280000.00000004.00001000.00020000.00000000.sdmp, setup-ax3-driver.tmp, 0000000B.00000003.1570614557.0000000002270000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr, _isdecmp.dll.11.dr
Source:	Binary string: DpInst.pdb source: dpinst64.exe, 0000000C.00000000.1607970434.00007FF7C4D71000.00000020.00000001.01000000.0000000D.sdmp, is-GKB03.tmp.11.dr, is-IA9T3.tmp.11.dr
Source:	Binary string: DpInst.pdbp source: is-GKB03.tmp.11.dr

Data Obfuscation

.NET source code contains potential unpacker

Source: is-RR9DL.tmp.2.dr, ExportSvmForm.cs

.Net Code: InitializeComponent contains xor as well as GetObject

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ynurxton.cmdline"
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\18uiblpb.cmdline"
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ynurxton.cmdline"	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\18uiblpb.cmdline"

Source: AX3-GUI-45.exe	Static PE information: section name: .didata
Source: AX3-GUI-45.tmp.0.dr	Static PE information: section name: .didata
Source: is-OG2TD.tmp.2.dr	Static PE information: section name: .didata
Source: is-J23G1.tmp.2.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Code function: 11_3_02295EE4 push eax; iretd	11_3_02295EE5
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Code function: 11_3_022890FC push esp; iretd	11_3_022890FD
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Code function: 11_3_022890FC push esp; iretd	11_3_022890FD
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Code function: 11_3_022890FC push esp; iretd	11_3_022890FD
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Code function: 11_3_02295EE4 push eax; iretd	11_3_02295EE5
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Code function: 11_3_022890FC push esp; iretd	11_3_022890FD
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Code function: 11_3_022890FC push esp; iretd	11_3_022890FD
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Code function: 11_3_022890FC push esp; iretd	11_3_022890FD
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Code function: 11_3_02295EE4 push eax; iretd	11_3_02295EE5
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Code function: 11_3_022890FC push esp; iretd	11_3_022890FD
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Code function: 11_3_022890FC push esp; iretd	11_3_022890FD
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Code function: 11_3_022890FC push esp; iretd	11_3_022890FD
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_06825637 push es; ret	17_2_06825946
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_6D76F336 push ecx; ret	17_2_6D76F349
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07927FBF push es; ret	17_2_07927FC0
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_0792C6AF push es; ret	17_2_0792C6B0
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07925E09 pushad ; iretd	17_2_07925E11
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_0792E8BF push es; ret	17_2_0792E8C0
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_0792AC04 push es; ret	17_2_0792AC28
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07F3B1E8 pushad ; ret	17_2_07F3B1E9
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07F375DF push es; retn 0004h	17_2_07F375E0
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_07F33EFF push es; ret	17_2_07F33F00
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_6D63F336 push ecx; ret	27_2_6D63F349
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_01203599 push eax; ret	27_2_0120359A
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_06AF5E09 pushad ; iretd	27_2_06AF5E11
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_06AF7FBF push es; ret	27_2_06AF7FC0
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_07882EFF push es; ret	27_2_07882F00
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_07887517 push es; retn 0004h	27_2_07887530

Source: is-RR9DL.tmp.2.dr

Static PE information: section name: .text entropy: 7.187953763177532

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\Windows\System32\drvinst.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656 Blob

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\OMPA Convertor.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	File created: C:\Program Files\AX3-Driver\is-1AU9V.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	File created: C:\Program Files\AX3-Driver\is-IA9T3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Users\user\AppData\Local\Temp\is-AGSFD.tmp\_isetup\_isdecmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\omconvert.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\firmware\is-JQO0H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\is-6J897.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	File created: C:\Users\user\AppData\Local\Temp\is-VP94R.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	File created: C:\Program Files\AX3-Driver\is-GKB03.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	File created: C:\Program Files\AX3-Driver\dpinst32.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\AX3-GUI-45.exe	File created: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	File created: C:\Program Files\AX3-Driver\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\is-A0K9N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\OmApiNet.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	File created: C:\Users\user\AppData\Local\Temp\18uiblpb.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\is-RR9DL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe	File created: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\is-8ADIG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\is-2V0T7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\is-OG2TD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	File created: C:\Users\user\AppData\Local\Temp\is-VP94R.tmp\_isetup\_isdecmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	File created: C:\Program Files\AX3-Driver\dpinst64.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\is-KHHI7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\is-J23G1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Users\user\AppData\Local\Temp\is-AGSFD.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	File created: C:\Users\user\AppData\Local\Temp\is-VP94R.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	File created: C:\Users\user\AppData\Local\Temp\is-VP94R.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	File created: C:\Users\user\AppData\Local\Temp\ynurxton.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\firmware\booter.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\cwa-convert.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\Program Files (x86)\Open Movement\OM GUI\libomapi.dll (copy)	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OmGui	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OmGui\OmGui.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OmGui\Uninstall OmGui.lnk	Jump to behavior

Source: C:\Users\user\Desktop\AX3-GUI-45.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\AX3-Driver\dpinst64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\AX3-Driver\dpinst64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT PNPDeviceID, DeviceID FROM Win32_DiskDrive WHERE InterfaceType='USB'
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT PNPDeviceID, DeviceID FROM Win32_DiskDrive WHERE InterfaceType='USB'

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Memory allocated: 10B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Memory allocated: 2C20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Memory allocated: 4C20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Memory allocated: 1450000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Memory allocated: 2EC0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Memory allocated: 4EC0000 memory commit \| memory reserve \| memory write watch

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Window / User API: threadDelayed 735

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\OMPA Convertor.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Dropped PE file which has not been started: C:\Program Files\AX3-Driver\is-1AU9V.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-AGSFD.tmp\_isetup\_isdecmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\omconvert.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Open Movement\OM GUI\firmware\is-JQO0H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Open Movement\OM GUI\is-6J897.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-VP94R.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Dropped PE file which has not been started: C:\Program Files\AX3-Driver\dpinst32.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Dropped PE file which has not been started: C:\Program Files\AX3-Driver\is-GKB03.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Dropped PE file which has not been started: C:\Program Files\AX3-Driver\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Open Movement\OM GUI\OmApiNet.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\is-A0K9N.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\18uiblpb.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\is-2V0T7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Open Movement\OM GUI\is-OG2TD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Open Movement\OM GUI\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-VP94R.tmp\_isetup\_isdecmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Open Movement\OM GUI\is-KHHI7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\is-J23G1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-VP94R.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-VP94R.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-AGSFD.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ynurxton.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Open Movement\OM GUI\firmware\booter.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\cwa-convert.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Open Movement\OM GUI\libomapi.dll (copy)	Jump to dropped file

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe TID: 2968	Thread sleep time: -36750s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe TID: 6540	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe TID: 2464	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_6D77EEDE FindFirstFileExA,		17_2_6D77EEDE
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_6D64EEDE FindFirstFileExA,		27_2_6D64EEDE

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Code function: 17_2_06413CD6 GetSystemInfo,

17_2_06413CD6

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: setupapi.dev.log.12.dr	Binary or memory string: set: BIOS Vendor: VMware, Inc.
Source: setupapi.dev.log.12.dr	Binary or memory string: sig: Key = vmci.inf
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:28 06/10/2023: DONE Adding Catalog File (31ms): Microsoft-Hyper-V-Offline-Core-Group-merged-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.2364.cat
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:25 06/10/2023: DONE Adding Catalog File (15ms): Microsoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~~10.0.19041.3031.cat
Source: is-RR9DL.tmp.2.dr	Binary or memory string: svmToolStripMenuItem
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: Service Name = vmci
Source: AX3-GUI-45.tmp, 00000002.00000003.1825384083.00000000007D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: OmGui.exe, 00000011.00000002.2432497939.0000000007940000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: setupapi.dev.log.12.dr	Binary or memory string: idb: {Publish Driver Package: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf} 11:48:39.707
Source: setupapi.dev.log.12.dr	Binary or memory string: idb: Indexed 4 device IDs for 'vmci.inf_amd64_68ed49469341f563'.
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:24 06/10/2023: DONE Adding Catalog File (0ms): HyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.19041.3393.cat
Source: OmGui.exe, 0000001B.00000002.2627071414.0000000002F4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: svmToolStripMenuItem.Image
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:24 06/10/2023: DONE Adding Catalog File (0ms): Microsoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~~10.0.19041.3448.cat
Source: setupapi.dev.log.12.dr	Binary or memory string: set: System Product Name: VMware20,1
Source: setupapi.dev.log.12.dr	Binary or memory string: sto: {Configure Driver Package: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf}
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:28 06/10/2023: DONE Adding Catalog File (0ms): Microsoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.2364.cat
Source: OmGui.exe, 00000011.00000002.2416212532.0000000000C05000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: setupapi.dev.log.12.dr	Binary or memory string: sto: {Stage Driver Package: C:\Windows\SoftwareDistribution\Download\Install\vmci.inf} 11:48:39.634
Source: setupapi.dev.log.12.dr	Binary or memory string: flq: Copying 'C:\Windows\SoftwareDistribution\Download\Install\vmci.inf' to 'C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.inf'.
Source: setupapi.dev.log.12.dr	Binary or memory string: cpy: Target Path = C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: {Configure Driver: Microsoft Hyper-V Network Adapter}
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:25 06/10/2023: DONE Adding Catalog File (0ms): Microsoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~~10.0.19041.3393.cat
Source: setupapi.dev.log.12.dr	Binary or memory string: idb: Created driver package object 'vmci.inf_amd64_68ed49469341f563' in SYSTEM database node.
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: Image Path = System32\drivers\vmci.sys
Source: is-RR9DL.tmp.2.dr	Binary or memory string: 4svmToolStripMenuItem.Image
Source: setupapi.dev.log.12.dr	Binary or memory string: flq: Copying 'C:\Windows\SoftwareDistribution\Download\Install\vmci.sys' to 'C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.sys'.
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:24 06/10/2023: DONE Adding Catalog File (16ms): HyperV-Feature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~~10.0.19041.3448.cat
Source: setupapi.dev.log.12.dr	Binary or memory string: idb: Registered driver package 'vmci.inf_amd64_68ed49469341f563' with 'oem2.inf'.
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: Driver package 'vmci.inf' is configurable.
Source: OmGui.exe, 0000001B.00000002.2620240273.0000000000F7B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: {Configure Driver: Microsoft Hyper-V Fibre Channel HBA (not supported)}
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: {Configure Driver: Microsoft Hyper-V VMBus Support Channel}
Source: setupapi.dev.log.12.dr	Binary or memory string: sto: {Core Driver Package Import: vmci.inf_amd64_68ed49469341f563} 11:48:39.704
Source: setupapi.dev.log.12.dr	Binary or memory string: flq: Copying 'C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.sys' to 'C:\Windows\System32\drivers\vmci.sys'.
Source: OmGui.exe, 0000001B.00000002.2641910622.0000000008FF5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllC
Source: setupapi.dev.log.12.dr	Binary or memory string: set: System Manufacturer: VMware, Inc.
Source: setupapi.dev.log.12.dr	Binary or memory string: dvs: {Driver Setup Import Driver Package: C:\Windows\SoftwareDistribution\Download\Install\vmci.inf} 11:48:39.178
Source: setupapi.dev.log.12.dr	Binary or memory string: idb: Activating driver package 'vmci.inf_amd64_68ed49469341f563'.
Source: is-RR9DL.tmp.2.dr	Binary or memory string: &Tools5svmToolStripMenuItem.Image)svmToolStripMenuItem#Calculate S&VM...AcutPointsToolStripMenuItem.Image5cutPointsToolStripMenuItem1Calculate &Cut Points...3wearTimeToolStripMenuItem/Calculate Wear &Time...%toolStripMenuItem21Calculate &Sleep Time...'toolStripSeparator11pluginsToolStripMenuItem
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:25 06/10/2023: DONE Adding Catalog File (0ms): Microsoft-Hyper-V-Package-base-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.2728.cat
Source: setupapi.dev.log.12.dr	Binary or memory string: cpy: Published 'vmci.inf_amd64_68ed49469341f563\vmci.inf' to 'oem2.inf'.
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: {Add Service: vmci}
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:24 06/10/2023: DONE Adding Catalog File (15ms): Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Disabled-Package~31bf3856ad364e35~amd64~~10.0.19041.3448.cat
Source: OmGui.exe, 0000001B.00000002.2620240273.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: Created new service 'vmci'.
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: Display Name = VMware VMCI Bus Driver
Source: setupapi.dev.log.12.dr	Binary or memory string: set: PCI\VEN_15AD&DEV_0740&SUBSYS_074015AD&REV_10\3&61AAA01&0&3F -> Configured [oem2.inf:PCI\VEN_15AD&DEV_0740&SUBSYS_074015AD,vmci.install.x64.NT] and started (ConfigFlags = 0x00000000).
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: {Configure Driver: Microsoft Hyper-V Virtual PCI Bus}
Source: OmGui.exe, 0000001B.00000002.2643924621.000000006D631000.00000020.00000001.01000000.00000015.sdmp	Binary or memory string: %DqemU
Source: setupapi.dev.log.12.dr	Binary or memory string: set: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000 -> Configured [disk.inf:GenDisk,disk_install.NT] and started (ConfigFlags = 0x00000000).
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: {Configure Driver: Microsoft Hyper-V SCSI Controller}
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:25 06/10/2023: DONE Adding Catalog File (15ms): Microsoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~~10.0.19041.3448.cat
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: {Configure Driver: Microsoft Hyper-V Virtualization Infrastructure Driver}
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: Display Name = Microsoft Hyper-V Storage Accelerator
Source: setupapi.dev.log.12.dr	Binary or memory string: utl: Driver INF - oem2.inf (C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf)
Source: setupapi.dev.log.12.dr	Binary or memory string: set: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000 -> Configured [cdrom.inf:GenCdRom,cdrom_install] and started (ConfigFlags = 0x00000000).
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:24 06/10/2023: DONE Adding Catalog File (0ms): HyperV-Compute-Host-VirtualMachines-Package~31bf3856ad364e35~amd64~~10.0.19041.3448.cat
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:25 06/10/2023: DONE Adding Catalog File (0ms): Microsoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.3448.cat
Source: OmGui.exe, 0000001B.00000002.2620240273.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000F;
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:25 06/10/2023: DONE Adding Catalog File (16ms): HyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.19041.3393.cat
Source: OmGui.exe, 00000011.00000002.2432497939.000000000795E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: OmGui.exe, 0000001B.00000002.2620240273.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000M
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: {Configure Driver: Microsoft Hyper-V Crashdump Driver}
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: {Configure Driver: Microsoft Hyper-V Video}
Source: setupapi.dev.log.12.dr	Binary or memory string: sig: Installed catalog 'vmci.cat' as 'oem2.cat'.
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:28 06/10/2023: DONE Adding Catalog File (0ms): Microsoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.2364.cat
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:28 06/10/2023: DONE Adding Catalog File (0ms): Microsoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.2364.cat
Source: setupapi.dev.log.12.dr	Binary or memory string: sig: FilePath = C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.inf
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:24 06/10/2023: DONE Adding Catalog File (0ms): Microsoft-Windows-HyperV-OptionalFeature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~~10.0.19041.3448.cat
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: {Configure Driver Configuration: vmci.install.x64.NT}
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: {Configure Driver: Microsoft Hyper-V Accelerated Disk Drive}
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:24 06/10/2023: DONE Adding Catalog File (0ms): HyperV-Compute-Host-VirtualMachines-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.3031.cat
Source: setupapi.dev.log.12.dr	Binary or memory string: flq: Copying 'C:\Windows\SoftwareDistribution\Download\Install\vmci.cat' to 'C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.cat'.
Source: setupapi.dev.log.12.dr	Binary or memory string: sig: Catalog = C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.cat
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: Section Name = vmci.install.x64.NT
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: Display Name = Microsoft Hyper-V Virtual PCI Bus
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: {Configure Driver: Microsoft Hyper-V Virtual Machine Bus}
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: {Configure Driver: VMware VMCI Bus Device}
Source: AX3-GUI-45.tmp, 00000002.00000003.1825384083.00000000007D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}@='
Source: is-RR9DL.tmp.2.dr	Binary or memory string: svmToolStripMenuItem_Click
Source: setupapi.dev.log.12.dr	Binary or memory string: inf: {Query Configurability: C:\Windows\SoftwareDistribution\Download\Install\vmci.inf} 11:48:39.636
Source: setupapi.dev.log.12.dr	Binary or memory string: idb: {Register Driver Package: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf} 11:48:39.707
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:25 06/10/2023: DONE Adding Catalog File (32ms): Microsoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~~10.0.19041.3448.cat
Source: OmGui.exe, 00000011.00000002.2416212532.0000000000B5E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:28 06/10/2023: DONE Adding Catalog File (0ms): Microsoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.2364.cat
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:25 06/10/2023: DONE Adding Catalog File (16ms): Microsoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~~10.0.19041.3448.cat
Source: dberr.txt.14.dr	Binary or memory string: CatalogDB: 12:18:25 06/10/2023: DONE Adding Catalog File (0ms): Microsoft-Hyper-V-Offline-Core-Group-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.3393.cat

Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Code function: 17_2_6D76F170 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

17_2_6D76F170

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_6D777DEB mov eax, dword ptr fs:[00000030h]		17_2_6D777DEB
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_6D647DEB mov eax, dword ptr fs:[00000030h]		27_2_6D647DEB

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Code function: 17_2_6D77FE76 GetProcessHeap,

17_2_6D77FE76

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_6D76E6D9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	17_2_6D76E6D9
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_6D76F170 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	17_2_6D76F170
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 17_2_6D775063 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	17_2_6D775063
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_6D63E6D9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	27_2_6D63E6D9
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_6D63F170 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	27_2_6D63F170
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Code function: 27_2_6D645063 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	27_2_6D645063

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ynurxton.cmdline"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB0D8.tmp" "c:\Users\user\AppData\Local\Temp\CSCB0D7.tmp"
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\18uiblpb.cmdline"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8733.tmp" "c:\Users\user\AppData\Local\Temp\CSC8732.tmp"

Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe c:\windows\system32\pnpui.dll,installsecuritypromptrundllw 20 global\{7c625ec4-61d9-164e-840d-2046461dc20b} global\{b92b5db1-df95-844c-847a-8711f98cae99} c:\windows\system32\driverstore\temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_msd_cdc.inf c:\windows\system32\driverstore\temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_msd_cdc.cat
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe c:\windows\system32\pnpui.dll,installsecuritypromptrundllw 20 global\{7c625ec4-61d9-164e-840d-2046461dc20b} global\{b92b5db1-df95-844c-847a-8711f98cae99} c:\windows\system32\driverstore\temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_msd_cdc.inf c:\windows\system32\driverstore\temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_msd_cdc.cat			Jump to behavior

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Code function: 17_2_6D76F34B cpuid

17_2_6D76F34B

Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_MSD_CDC.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_MSD_CDC.cat VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Program Files (x86)\Open Movement\OM GUI\OmApiNet.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Program Files (x86)\Open Movement\OM GUI\OmApiNet.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Program Files (x86)\Open Movement\OM GUI\OmApiNet.dll VolumeInformation
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Program Files (x86)\Open Movement\OM GUI\OmApiNet.dll VolumeInformation
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Code function: 17_2_6D77D78C GetSystemTimeAsFileTime,

17_2_6D77D78C

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Code function: 17_2_6D77E509 _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,

17_2_6D77E509

Source: C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Code function: 17_2_6D76CDE0 OmGetVersion,OmCommand,

17_2_6D76CDE0

Source: C:\Windows\System32\drvinst.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\System32\drvinst.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\47CEB881EDB1AD96814903261E1BD7EFBFAA5AE6 Blob

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	12 Command and Scripting Interpreter	1 Windows Service	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Peripheral Device Discovery	Remote Desktop Protocol	Data from Removable Media	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	1 Windows Service	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	11 Process Injection	1 Install Root Certificate	NTDS	125 System Information Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 Registry Run Keys / Startup Folder	12 Software Packing	LSA Secrets	121 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 File Deletion	DCSync	131 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	23 Masquerading	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	131 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	2 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Access Token Manipulation	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	11 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	1 Rundll32	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
AX3-GUI-45.exe	8%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Program Files (x86)\Open Movement\OM GUI\OmApiNet.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\OMPA Convertor.exe (copy)	2%	ReversingLabs
C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\cwa-convert.exe (copy)	2%	ReversingLabs
C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\is-2V0T7.tmp	2%	ReversingLabs
C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\is-A0K9N.tmp	2%	ReversingLabs
C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\is-J23G1.tmp	0%	ReversingLabs
C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\omconvert.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\Open Movement\OM GUI\firmware\booter.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\Open Movement\OM GUI\firmware\is-JQO0H.tmp	0%	ReversingLabs
C:\Program Files (x86)\Open Movement\OM GUI\is-6J897.tmp	0%	ReversingLabs
C:\Program Files (x86)\Open Movement\OM GUI\is-8ADIG.tmp	0%	ReversingLabs
C:\Program Files (x86)\Open Movement\OM GUI\is-KHHI7.tmp	0%	ReversingLabs
C:\Program Files (x86)\Open Movement\OM GUI\is-OG2TD.tmp	5%	ReversingLabs
C:\Program Files (x86)\Open Movement\OM GUI\is-RR9DL.tmp	0%	ReversingLabs
C:\Program Files (x86)\Open Movement\OM GUI\libomapi.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\Open Movement\OM GUI\unins000.exe (copy)	5%	ReversingLabs
C:\Program Files\AX3-Driver\dpinst32.exe (copy)	0%	ReversingLabs
C:\Program Files\AX3-Driver\dpinst64.exe (copy)	0%	ReversingLabs
C:\Program Files\AX3-Driver\is-1AU9V.tmp	4%	ReversingLabs
C:\Program Files\AX3-Driver\is-GKB03.tmp	0%	ReversingLabs
C:\Program Files\AX3-Driver\is-IA9T3.tmp	0%	ReversingLabs
C:\Program Files\AX3-Driver\unins000.exe (copy)	4%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-AGSFD.tmp\_isetup\_isdecmp.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-AGSFD.tmp\_isetup\_setup64.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp	4%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-VP94R.tmp\_isetup\_RegDLL.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-VP94R.tmp\_isetup\_isdecmp.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-VP94R.tmp\_isetup\_setup64.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-VP94R.tmp\_isetup\_shfoldr.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
http://www.fontbureau.com/designersG	0%	URL Reputation	safe
http://www.fontbureau.com/designers/?	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://www.fontbureau.com/designers?	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.fontbureau.com/designers	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.fonts.com	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.fontbureau.com	0%	URL Reputation	safe
http://schemas.xmlsoap.org/soap/encoding/	0%	URL Reputation	safe
http://repository.certum.pl/cscasha2.cer0	0%	Avira URL Cloud	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.fontbureau.com/designers/cabarga.htmlN	0%	URL Reputation	safe
http://www.apache.org/licenses/LICENSE-2.0.txt	0%	Avira URL Cloud	safe
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://twitter.github.com/bootstrap/javascript.html#affix	0%	Avira URL Cloud	safe
http://www.fontbureau.com/designers/frere-jones.html	0%	URL Reputation	safe
https://raw.githubusercontent.com/digitalinteraction/openmovement/master/Downloads/AX3/omgui.ini	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/wsdl/	0%	URL Reputation	safe
http://twitter.github.com/bootstrap/javascript.html#popovers	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.fontbureau.com/designers8	0%	URL Reputation	safe
http://fontfabrik.com	0%	Avira URL Cloud	safe
http://twitter.github.com/bootstrap/javascript.html#scrollspy	0%	Avira URL Cloud	safe
http://twitter.github.com/bootstrap/javascript.html#transitions	0%	Avira URL Cloud	safe
http://crl.verisign.c	0%	Avira URL Cloud	safe
https://www.remobjects.com/ps	0%	Avira URL Cloud	safe
http://subca.ocsp-certum.com01	0%	Avira URL Cloud	safe
https://sectigo.com/CPS0D	0%	Avira URL Cloud	safe
http://twitter.github.com/bootstrap/javascript.html#collapse	0%	Avira URL Cloud	safe
https://www.innosetup.com/	0%	Avira URL Cloud	safe
https://jrsoftware.org0	0%	Avira URL Cloud	safe
https://jrsoftware.org/	0%	Avira URL Cloud	safe
http://twitter.github.com/bootstrap/javascript.html#carousel	0%	Avira URL Cloud	safe
http://www.certum.pl/CPS0	0%	Avira URL Cloud	safe
https://sectigo.com/CPS05	0%	Avira URL Cloud	safe
http://www.innosetup.com/	0%	Avira URL Cloud	safe
http://www.openmovement.co.uk	0%	Avira URL Cloud	safe
http://www.openmovement.co.ukA	0%	Avira URL Cloud	safe
http://phrogz.net/JS/_ReuseLicense.txt	0%	Avira URL Cloud	safe
http://www.apache.org/licenses/LICENSE-2.0	0%	Avira URL Cloud	safe
http://twitter.github.com/bootstrap/javascript.html#typeahead	0%	Avira URL Cloud	safe
http://repository.certum.pl/ctnca.cer09	0%	Avira URL Cloud	safe
http://crl.certum.pl/ctnca.crl0k	0%	Avira URL Cloud	safe
http://twitter.github.com/bootstrap/javascript.html#tooltips	0%	Avira URL Cloud	safe
http://www.modernizr.com/)	0%	Avira URL Cloud	safe
http://ocsp.usertru	0%	Avira URL Cloud	safe
https://raw.githubusercontent.com/digitalinteraction/openmovement/master/Downloads/AX3/AX3-GUI-28.zi	0%	Avira URL Cloud	safe
https://raw.githubusercontent.com/digitalinteraction/openmovement/master/Downloads/AX3/omgui.ini3UPD	0%	Avira URL Cloud	safe
http://tinyurl.com/dotnet35setup	0%	Avira URL Cloud	safe
http://crl.ve.	0%	Avira URL Cloud	safe
https://www.certum.pl/CPS0	0%	Avira URL Cloud	safe
http://twitter.github.com/bootstrap/javascript.html#buttons	0%	Avira URL Cloud	safe
https://openmovement.googlecode.com/svn/downloads/AX3/omgui.ini	0%	Avira URL Cloud	safe
http://twitter.github.com/bootstrap/javascript.html#dropdowns	0%	Avira URL Cloud	safe
http://crl.certum.pl/cscasha2.crl0q	0%	Avira URL Cloud	safe
http://www.remobjects.com/psU	0%	Avira URL Cloud	safe
http://cscasha2.ocsp-certum.com04	0%	Avira URL Cloud	safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	Avira URL Cloud	safe
https://raw.githubusercontent.com	0%	Avira URL Cloud	safe
https://github.com/digitalinteraction/openmovement/releases/download/AX3-OmGui-v28/AX3-GUI-28.zip	0%	Avira URL Cloud	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	Avira URL Cloud	safe
http://www.openmovement.co.ukQ	0%	Avira URL Cloud	safe
http://twitter.github.com/bootstrap/javascript.html#alerts	0%	Avira URL Cloud	safe
http://twitter.github.com/bootstrap/javascript.html#tabs	0%	Avira URL Cloud	safe
http://www.remobjects.com/ps	0%	Avira URL Cloud	safe
http://www.openmovement.co.uk:http://www.openmovement.co.uk:http://www.openmovement.co.uk	0%	Avira URL Cloud	safe
http://repository.certum.pl/cscasha	0%	Avira URL Cloud	safe
http://twitter.github.com/bootstrap/javascript.html#modals	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
raw.githubusercontent.com	185.199.109.133	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://raw.githubusercontent.com/digitalinteraction/openmovement/master/Downloads/AX3/omgui.ini	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	AX3-GUI-45.exe	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designersG	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://twitter.github.com/bootstrap/javascript.html#popovers	is-HGDEP.tmp.2.dr	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/?	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://repository.certum.pl/cscasha2.cer0	AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.txt	is-BUMKQ.tmp.2.dr, is-J0MH5.tmp.2.dr	false	Avira URL Cloud: safe	unknown
http://www.founder.com.cn/cn/bThe	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ocsp.sectigo.com0	AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers?	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://twitter.github.com/bootstrap/javascript.html#affix	is-HGDEP.tmp.2.dr	false	Avira URL Cloud: safe	unknown
http://www.tiro.com	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.goodfont.co.kr	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://twitter.github.com/bootstrap/javascript.html#transitions	is-HGDEP.tmp.2.dr	false	Avira URL Cloud: safe	unknown
http://www.founder.com.cn/cn/cThe	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp, OmGui.exe, 00000011.00000002.2426637226.00000000050C2000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.verisign.c	rundll32.exe, 0000000F.00000002.1717433275.0000024CF3289000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://fontfabrik.com	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://twitter.github.com/bootstrap/javascript.html#scrollspy	is-HGDEP.tmp.2.dr	false	Avira URL Cloud: safe	unknown
https://www.remobjects.com/ps	AX3-GUI-45.exe, 00000000.00000003.1373824700.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.exe, 00000000.00000003.1374217105.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000000.1375883744.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-OG2TD.tmp.2.dr	false	Avira URL Cloud: safe	unknown
http://subca.ocsp-certum.com01	AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	false	Avira URL Cloud: safe	unknown
https://www.innosetup.com/	AX3-GUI-45.exe, 00000000.00000003.1373824700.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.exe, 00000000.00000003.1374217105.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000000.1375883744.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-OG2TD.tmp.2.dr	false	Avira URL Cloud: safe	unknown
https://sectigo.com/CPS0D	AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/DPlease	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://twitter.github.com/bootstrap/javascript.html#collapse	is-HGDEP.tmp.2.dr	false	Avira URL Cloud: safe	unknown
https://jrsoftware.org0	AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	false	Avira URL Cloud: safe	unknown
http://www.fonts.com	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.kr	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://jrsoftware.org/	AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	false	Avira URL Cloud: safe	unknown
http://www.urwpp.deDPlease	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sakkal.com	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.certum.pl/CPS0	AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	false	Avira URL Cloud: safe	unknown
https://sectigo.com/CPS05	AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://twitter.github.com/bootstrap/javascript.html#carousel	is-HGDEP.tmp.2.dr	false	Avira URL Cloud: safe	unknown
http://www.innosetup.com/	setup-ax3-driver.exe, 0000000A.00000003.1568817712.00000000021F8000.00000004.00001000.00020000.00000000.sdmp, setup-ax3-driver.exe, 0000000A.00000003.1568332014.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, setup-ax3-driver.tmp, 0000000B.00000000.1569562841.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, is-1AU9V.tmp.11.dr, setup-ax3-driver.tmp.10.dr	false	Avira URL Cloud: safe	unknown
http://www.openmovement.co.ukA	AX3-GUI-45.exe, 00000000.00000003.1829505076.0000000002481000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp, is-HGDEP.tmp.2.dr, is-QFTPQ.tmp.2.dr, is-EL75V.tmp.2.dr, is-OE01K.tmp.2.dr, is-9Q84H.tmp.2.dr	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.openmovement.co.uk	AX3-GUI-45.exe, 00000000.00000003.1829505076.0000000002481000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000025F1000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://phrogz.net/JS/_ReuseLicense.txt	is-4Q7OL.tmp.2.dr	false	Avira URL Cloud: safe	unknown
http://repository.certum.pl/ctnca.cer09	AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	false	Avira URL Cloud: safe	unknown
http://twitter.github.com/bootstrap/javascript.html#typeahead	is-HGDEP.tmp.2.dr	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	OmGui.exe, 00000011.00000002.2417994733.0000000002C21000.00000004.00000800.00020000.00000000.sdmp, OmGui.exe, 0000001B.00000002.2627071414.00000000030FB000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.certum.pl/ctnca.crl0k	AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	false	Avira URL Cloud: safe	unknown
http://www.modernizr.com/)	is-HGDEP.tmp.2.dr	false	Avira URL Cloud: safe	unknown
http://ocsp.usertru	AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://twitter.github.com/bootstrap/javascript.html#tooltips	is-HGDEP.tmp.2.dr	false	Avira URL Cloud: safe	unknown
https://raw.githubusercontent.com/digitalinteraction/openmovement/master/Downloads/AX3/AX3-GUI-28.zi	OmGui.exe, 0000001B.00000002.2627071414.000000000324A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tinyurl.com/dotnet35setup	AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.00000000035D0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823385647.0000000003884000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823790897.0000000002504000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://raw.githubusercontent.com/digitalinteraction/openmovement/master/Downloads/AX3/omgui.ini3UPD	OmGui.exe, 00000011.00000000.1819849505.0000000000322000.00000002.00000001.01000000.0000000F.sdmp, is-RR9DL.tmp.2.dr	false	Avira URL Cloud: safe	unknown
https://www.certum.pl/CPS0	AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	false	Avira URL Cloud: safe	unknown
http://crl.ve.	rundll32.exe, 0000000F.00000002.1717433275.0000024CF3289000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://twitter.github.com/bootstrap/javascript.html#buttons	is-HGDEP.tmp.2.dr	false	Avira URL Cloud: safe	unknown
https://openmovement.googlecode.com/svn/downloads/AX3/omgui.ini	OmGui.exe, 0000001B.00000002.2627071414.000000000324A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://twitter.github.com/bootstrap/javascript.html#dropdowns	is-HGDEP.tmp.2.dr	false	Avira URL Cloud: safe	unknown
http://crl.certum.pl/cscasha2.crl0q	AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	false	Avira URL Cloud: safe	unknown
http://cscasha2.ocsp-certum.com04	AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.coml	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.remobjects.com/psU	setup-ax3-driver.exe, 0000000A.00000003.1568817712.00000000021F8000.00000004.00001000.00020000.00000000.sdmp, setup-ax3-driver.exe, 0000000A.00000003.1568332014.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, setup-ax3-driver.tmp, 0000000B.00000000.1569562841.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, is-1AU9V.tmp.11.dr, setup-ax3-driver.tmp.10.dr	false	Avira URL Cloud: safe	unknown
https://raw.githubusercontent.com	OmGui.exe, 00000011.00000002.2417994733.0000000002C21000.00000004.00000800.00020000.00000000.sdmp, OmGui.exe, 0000001B.00000002.2627071414.0000000003158000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.0000000003604000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr	false	Avira URL Cloud: safe	unknown
http://twitter.github.com/bootstrap/javascript.html#alerts	is-HGDEP.tmp.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/digitalinteraction/openmovement/releases/download/AX3-OmGui-v28/AX3-GUI-28.zip	OmGui.exe, 0000001B.00000002.2627071414.000000000324A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/wsdl/	OmGui.exe, 00000011.00000002.2417994733.0000000002C21000.00000004.00000800.00020000.00000000.sdmp, OmGui.exe, 0000001B.00000002.2627071414.0000000003158000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	OmGui.exe, 00000011.00000002.2428026412.0000000006442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.openmovement.co.ukQ	AX3-GUI-45.tmp, 00000002.00000003.1823790897.00000000025F1000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://twitter.github.com/bootstrap/javascript.html#tabs	is-HGDEP.tmp.2.dr	false	Avira URL Cloud: safe	unknown
http://www.remobjects.com/ps	setup-ax3-driver.exe, 0000000A.00000003.1568817712.00000000021F8000.00000004.00001000.00020000.00000000.sdmp, setup-ax3-driver.exe, 0000000A.00000003.1568332014.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, setup-ax3-driver.tmp, 0000000B.00000000.1569562841.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, is-1AU9V.tmp.11.dr, setup-ax3-driver.tmp.10.dr	false	Avira URL Cloud: safe	unknown
http://twitter.github.com/bootstrap/javascript.html#modals	is-HGDEP.tmp.2.dr	false	Avira URL Cloud: safe	unknown
http://www.openmovement.co.uk:http://www.openmovement.co.uk:http://www.openmovement.co.uk	AX3-GUI-45.exe, 00000000.00000003.1372630436.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, AX3-GUI-45.tmp, 00000002.00000003.1377382141.00000000035D0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://repository.certum.pl/cscasha	AX3-GUI-45.tmp, 00000002.00000003.1823385647.00000000038F0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.199.109.133	raw.githubusercontent.com	Netherlands		54113	FASTLYUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1513990
Start date and time:	2024-09-19 16:46:53 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	32
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	AX3-GUI-45.exe
Detection:	MAL
Classification:	mal56.expl.evad.winEXE@25/229@1/1
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Successful, ratio: 100% Number of executed functions: 407 Number of non-executed functions: 1
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Excluded domains from analysis (whitelisted): www.bing.com, slscr.update.microsoft.com, login.live.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target setup-ax3-driver.tmp, PID 1792 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: AX3-GUI-45.exe

Simulations

Behavior and APIs

Time	Type	Description
10:48:59	API Interceptor	554x Sleep call for process: OmGui.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.199.109.133	SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dll	Get hash	malicious	Metasploit	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_pyld.txt
185.199.109.133	SecuriteInfo.com.Win64.MalwareX-gen.11827.5130.dll	Get hash	malicious	AsyncRAT, XWorm	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_pyld.txt

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
raw.githubusercontent.com	VegaX.exe	Get hash	malicious	Unknown	Browse	185.199.111.133
	VegaX.exe	Get hash	malicious	Unknown	Browse	185.199.111.133
	xmr_linux_amd64.elf	Get hash	malicious	Xmrig	Browse	185.199.108.133
	SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dll	Get hash	malicious	Metasploit	Browse	185.199.110.133
	SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dll	Get hash	malicious	Metasploit	Browse	185.199.109.133
	SecuriteInfo.com.Win64.MalwareX-gen.11827.5130.dll	Get hash	malicious	AsyncRAT, XWorm	Browse	185.199.109.133
	SecuriteInfo.com.Win32.DropperX-gen.26059.13090.exe	Get hash	malicious	XWorm	Browse	185.199.108.133
	SecuriteInfo.com.Win32.DropperX-gen.26059.13090.exe	Get hash	malicious	Unknown	Browse	185.199.110.133
	https://ascendtransportationllc665121.invisionapp.com/freehand/-4bO4Ia3X6	Get hash	malicious	HtmlDropper	Browse	185.199.111.133
	file.exe	Get hash	malicious	LummaC	Browse	185.199.108.133

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FASTLYUS	phish_alert_sp2_2.0.0.0 - 2024-09-19T093336.425.eml	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	https://0XQt.r04ar2.com/lGHC/	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	https://iris-sensing.atlassian.net/servicedesk/customer/portal/1/SUP-680?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0Z3QiOiJhbm9ueW1vdXMtbGluayIsInFzaCI6IjQ5NTk3NjNhOWI0Zjk5OTdjZGEzNmVlMDg3ZmZjMzQ4NmFjOTJhOTU3NjY5NWY2MjA4OGNlODJjYzA3MDkwOWQiLCJpc3MiOiJzZXJ2aWNlZGVzay1qd3QtdG9rZW4taXNzdWVyIiwiY29udGV4dCI6eyJ1c2VyIjoiMTAzODAiLCJpc3N1ZSI6IlNVUC02ODAifSwiZXhwIjoxNzI5MTcwNTQ3LCJpYXQiOjE3MjY3NTEzNDd9.XJlo9m1jb0OEFNOW0XdFgqU9A9HJ6UJNJVvYGpSy8XE&sda_source=notification-email-action	Get hash	malicious	Unknown	Browse	199.232.188.157
	https://www.google.com/url?q=https://www.google.com/url?q%3DdCSMjVnvsqsqaP8pEWWm%26rct%3DSpPq9HncUaCXUtCZusX0%26sa%3Dt%26esrc%3DuZR6jk9A67Rj7RZhLuPE%26source%3D%26cd%3Deh0xIKCKpKh7i4kTt26p%26cad%3DVEVtMkQKVNr1KW4fxShi%26ved%3DNTDACygNXetEDbRT8YiY%26uact%3D%2520%26url%3Damp%252Fzarafetbayankuafor%252Ecom%252F.rr%252F&source=gmail&ust=1726081152301000&usg=AOvVaw13bOFWGbYMslwWZ8DW3Ey1#vauFEE-SUREDANNXSnVzdGluLkdhcmNpYUBwZXJyeWhvbWVzLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://pub-b21271990c74459f8088c501f667a689.r2.dev/ladiesfirst.html	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://computing-customer-6850.my.salesforce-sites.com/support	Get hash	malicious	Unknown	Browse	151.101.193.229
	ELECTRONIC RECEIPT_658776783.htm	Get hash	malicious	Unknown	Browse	151.101.66.137
	https://rodator.freshdesk.com/en/support/solutions/articles/156000013321-solicitud-de-presupuesto-1454082	Get hash	malicious	Unknown	Browse	151.101.129.140
	https://sampension-account-docsign.net.nezzegvipaaqrhsf.com/app7c874963274eb9aecdb8a4dda6dd5c85/66d4bcaf4e31753ebfee0548	Get hash	malicious	Unknown	Browse	199.232.188.157
	original (37).eml	Get hash	malicious	Unknown	Browse	151.101.194.137

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	MRSPBASd65554AB.dll.dll	Get hash	malicious	Unknown	Browse	185.199.109.133
	MRSPBASd65554AB.dll.dll	Get hash	malicious	Unknown	Browse	185.199.109.133
	Document.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	185.199.109.133
	PO-27893493.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	185.199.109.133
	Recibo de pago.880743.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	185.199.109.133
	Wspguvcwm.exe	Get hash	malicious	Snake Keylogger	Browse	185.199.109.133
	ARIZONA GROUP PO_017633180924.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	185.199.109.133
	AWB_Ref#339720937705pdf.exe	Get hash	malicious	Snake Keylogger	Browse	185.199.109.133
	Estado de Cuenta.exe	Get hash	malicious	Snake Keylogger	Browse	185.199.109.133
	FDS00000900000.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	185.199.109.133

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	30720
Entropy (8bit):	5.561090262634769
Encrypted:	false
SSDEEP:	768:G9ivcgdQIeVAOrajN/ccIjOBHaHi6ej0hQ:G9ikgd0Vt+h8FC6eYhQ
MD5:	5083DA882E58C045E46391E8AC35456F
SHA1:	9EAE2AA46772286D5ABA504009ED0492031BC102
SHA-256:	BB2B868D313942BAFEDF896F19C7BE8CA91725A44C29E916DB8FBFB837087EE2
SHA-512:	1CE7025532A3E98FD420A5EAF5BC0E2BCCCB1141AD803C01F8D286805029932DB41EDDDAFAF97FC6300061D6570980E4F79B219E89D3FD25DD6337923F63D304
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H`c...........!..0..n..........n.... ........... ....................................@.....................................O................................................................................... ............... ..H............text...tm... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B................P.......H........:...Q..........................................................^~....-.s.........~.....0...........s....}.....s....}.....(............s......}.......{....(.......{....~....(....&........s......}.......{....(.......{....~....(....&.l(....r...p(............s......}.......{....(.......{....~....(?...&...0............(.......(........................"..(........0..F........{....-=.&(....&...{....,....{....(.......{....,....{....(......}....F.(G...,...s....z.0..X...

C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1641984
Entropy (8bit):	7.012562124222005
Encrypted:	false
SSDEEP:	49152:s+4PCNQWsNQWsNQWsNQWsNQWsNQWh4NQW:sMuuuuuU
MD5:	12FEEE099449453BA386F8FBA6C72090
SHA1:	4BE776CF3F768BAD8F10CA885227494972CBCEBE
SHA-256:	E96445F1DEA2B0B630ADE704C5C478C0E50A71645473F11297FE7DED2D9F9197
SHA-512:	E21262C048DAA24BDAEF0F08D544CE06ADE5DF32D99D8D1967F76984AA8ED3780B8E8E03F2C0FE873D578BC52AA0A49F5A814D4B6146BCE13BC65CEEBEE6F95E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...2H`c..............0......~........... ........@.. .......................`............@.....................................O.......8{...................@......t................................................ ............... ..H............text...\.... ...................... ..`.rsrc...8{.......\|..................@..@.reloc.......@......................@..B.......................H.......0>...;...........y...0............................................( ....0...........(.......(......................0..........~!.....~!.....i......~!.....o......-}...I...("...(#...tI...}....~!............($...-....J...("...(#...tJ...}....~!............($...-....K...("...(#...tK...}.......0..............7.....~....}........Yn(%...}.......}........Yn(%...}.......}...... .@. (&... ...._-..+. ...@`(&... ...._-..+. ....`}........('.....((...s....}.......}.......o....&*

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\64x64 converter.ico (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3527
Entropy (8bit):	7.81337128585813
Encrypted:	false
SSDEEP:	96:9Ss5YRxkYjabEg39Q5aS4iJ7fPWdSfCwIc31:9Ss5Yrjaob5/VJr+k9
MD5:	CED13F367E9FDF9CB2045DDBFC606D6B
SHA1:	7C872ABCF649631BA513C43621605610D9125E95
SHA-256:	27BC1E463A8F3FD3C193CC5E91A463C356E39D5E81EE45FEDC54BB070B5FC895
SHA-512:	D2F7A6FBE8AD134F2073AEB76BDBF4D06922193275F72CE8DD6288EE026E7EF66410377FEF45F22355A70FCCFBE198379F1D55C4BA5D041DE96CA088B0BBAD0D
Malicious:	false
Preview:	.PNG........IHDR...@...@......iq.... cHRM..z%..............u0...`..:....o._.F....bKGD.......C......pHYs.................vpAg...@...@....`....IDATx...k%wv.?.G..}..j..v.3....!.3a..`<.U..&.@..@.!x.E...l.....<..6.......n...-..V..nK.U../...RU....d ...z.U.\|..T..&4..MhB...&....I.\|..g.q.....E.R..B...!PJ....:q..{.....Zks.Zk.R...xzz...\.~.W_}.O>..w. .Sc.o.V.Ave.>N@..+{}..Y9..Z..`./..w...>.h.Z.....>@)..`0..(.^.>..XQ.Ya.pZ.....,......m..Mk..B......-.S.....O..jS.....g.b.......5..@.....B(.(..8..1f.Z..Q.-.q<..t.. ...d.y.....K.v..crfj.AJ9. ...>_....U^..&ss/...,.Q....Xk.t:...ju.T..!..p^.QsB..... ...c,R..69.x..f...Zbq.......H..!..!.V....!.y...Honn6...Og......oY..8..u.."E..D..k.V:.....0U.>q._\|H..36..+....8..^..c..s.....L....@DQtz...Y...f....{<....._..S.+ ....%..P.....[..l............\..>..\\|.,.\Fk.c........8...(...$.._1.~....$.}.8..8....=juK.\|...-..9......\Xy..2S.@Yp~f.\`.A.s.....G4.^......WQ,.S,,>......wx.w.s.....0...8N.g. [m.+,.h.a._x..[4[..Gq....R(3

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\OMPA Convertor.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	563200
Entropy (8bit):	6.741829920311703
Encrypted:	false
SSDEEP:	12288:+l+vI0vyog/UpQ87Lx97MYpk62gSp01ldMIicFIz/Fa5wbevozdw1:+l+g6kUW8Xx9ogDSp01lXicFIDFa5jvo
MD5:	15B477AA57D8F81CD251D38CA7CB84C6
SHA1:	CA9A478EDE26638F0D881D1643CAC98C3AFE5F49
SHA-256:	822F9397A57EE1A5B4D2A25FE4031F5EB960166AC20F3FF7AA417259EF8F403E
SHA-512:	2B42BC91E3596F16C76D35C6C3DFFBB04735C6AB96ABC6C61E6FFE34BBB0EE5F791FFAA7D4ADB9C6CD15E74E42B67292F4CF940CF9222AE9DD515658DDE6FAF3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7+..Yx..Yx..Yx..x..Yx..x..Yx..x..Yx...x..Yx..Xx..Yx..x..Yx..x..YxRich..Yx................PE..L...#..O.........................................@..................................y....@..................................A..(................................2.................................8<..@............................................text............................... ..`.rdata..............................@..@.data...DC...P... ...<..............@....rsrc................\..............@..@.reloc...:.......:...^..............@..B........................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\OMPA Convertor.gif (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	GIF image data, version 89a, 128 x 128
Category:	dropped
Size (bytes):	7303
Entropy (8bit):	7.827464019436164
Encrypted:	false
SSDEEP:	192:b8yxqckNOgKtcKdAOs/GOR9nDyoQCl1xdjGTlD/uzcV/:bbx9bSKoHDyoQClExGi/
MD5:	BDFA0CCB43714B182B9EEE4A0CF0DC9A
SHA1:	14AE738BC83FE1004B9879F3BD72100E74E215C1
SHA-256:	ED334BA309B7DC4EB164B135E6EC95AC270767C528C7AB649B2AC8FD7EC5C8CA
SHA-512:	3925369D595CEC2693421FACDBDD76562AD75A56E74C87B41303944A85BECD22A133D3921B02E420E75D63D18953E278E18FB8E4A3CE0CD3FF6F5C7BE516ABC3
Malicious:	false
Preview:	GIF89a.....................xi~................................+5.MV.JU..(.'=.J].....!.3K.AW...)..+..5.8Q.C].DZ.Pg.CU.Zm.Vh.aq.`h.....3../..<..<..D.&L.$G.-Q.3V.:\.5R.>`.Dd.Hg.Ii.Ii.Ki.Kk.Lh.Mk.Ro.Sq.[v.e..w..p..}..t..v.....@d.Ae.Eh.Gk.Gi.Gh.Gk.Im.Ik.Im.Ik.Ko.Km.Kk.Lm.Nn.Or.Rs.Ut.Vx.]\|.Zw.k..`x....Ek.Lp.Jo.b.....e..m..{......z................................................................D.......M...Y....Y..e.5..L.h......2..=..G.Y..i........u..z..\|..~.....w...5..A..@.G.G..V.Q.._.P..o.f..u..u..{......w..v..{............#.~%..+..2..3..9..>.9.=..B..D..D..E..G..G..G.C..I..I.A..L..L..Q..R..V..T..[..c..g..m..s....`...u.q..k...4..B.{5..F..G..I..I..J..K..K..K..N..S..V..[.zO..{....u.........B..M....c.....................................!.......,...............H......\......z4.H.........c.. C...0...?`.@....Cp.....`..Sf.._........C..P../.0H@J..B..Vty...V..:../..]..k..;....A-.0..h.../.0..KX.[.0b...$H..E.K..E....t..C...CO..C.i.@..H.9....

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\OMPA Convertor.plugin (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1041
Entropy (8bit):	5.0566730094007655
Encrypted:	false
SSDEEP:	24:qTFLURr94A/4VqEQVC/YFTszIRuXgigDDNNbT1JxFK8:EiRr9T/4Vqp4AFMouXrYNpT1HFb
MD5:	C128D6CD61111599FCBE7BB46EDB1904
SHA1:	CDF9CEC9BA07708A12D0A02D50E0122385FA253F
SHA-256:	944D208A5720B207B61144149546F9F50FB48B7281DF8BCE33EB114E20BB95C6
SHA-512:	74E5A34E3A019D395D5E71BBB9629F6C4C9EE4233C79406898FBCFE673A2B3F753A9C75AA95A54821012EB3794AF1E880A8ACBBA31DB4899270C6DF0FD1D5E53
Malicious:	false
Preview:	<?xml version='1.0'?>.. This is a sample XML document -->..<Plugin>...<height>500</height>...<width>700</width>...<runFilePath>OMPA Convertor.exe</runFilePath>...<htmlFilePath>OMPA convertor.html</htmlFilePath>...<savedValuesFilePath>saved.xml</savedValuesFilePath>...<iconName>64x64 converter.ico</iconName>...<description>Converts binary .cwa files to application-friendly formats. Current version supports specifying a time-slice via the data preview pane. Optional output streams (battery, light, temperature). Multiple timestamp formats available.</description>...<fileName>Convert_CWA</fileName>...<readableName>Convert CWA</readableName>...<outputFile>.csv .wav .raw</outputFile>...<inputFile>.cwa</inputFile>...<wantMetadata>true</wantMetadata>...<outputExtensions>....<extension>csv</extension>...</outputExtensions>...<defaultValues>....<bodyMass>80</bodyMass>....<percentage>0.22</percentage>....<fileStart>fileStart</fileStart>....<fileEnd>fileEnd</fileEnd>...</defaultValues>...<crea

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\OMPA convertor.html (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	HTML document, ASCII text, with very long lines (381), with CRLF line terminators
Category:	dropped
Size (bytes):	11977
Entropy (8bit):	5.193366025833501
Encrypted:	false
SSDEEP:	192:kVsDIzjpambe4Ec4h25Uw4aCqtYoqy2qoglZQtpYGTmpo/8pWV9:qtq4Ec4hUr4aLYoqUCX
MD5:	1A82547F921A171DCF86F23191BFD318
SHA1:	1CBE6268FC5FFE12A4A707205D0FCC64866A7236
SHA-256:	E4BD06AA60D4577B6AA586E05EDB9D5B1250599C01C1140C6D88B614B9A0E103
SHA-512:	420651FDEFF17D16307E875CDD632B5CB7ED54E588BFB8D870AB43BC2E4B402913BE748334D431D5CC9F8663F6C680470E71E6BED297623560F09856E2BFDBEE
Malicious:	false
Preview:	<!DOCTYPE html> ..<html>..<meta http-equiv="X-UA-Compatible" content="IE=Edge" />..<meta charset="utf-8">...<title>OpenMovement Converter</title>...<link href="./css/bootstrap-responsive.css" rel="stylesheet">...<link href="./css/bootstrap.css" rel="stylesheet">...<link href="./css/page.css" rel="stylesheet">...<script type="text/javascript" src="./js/jquery.min.js"></script>...<script type="text/javascript" src="./js/bootstrap.js"></script> ...<script type="text/javascript" src="./js/bootstrap.min.js"></script>.....<script language="javascript">..function positionLogo() {...document.getElementById('logo').style.left = document.getElementById('content').offsetLeft + 'px';..}....</script>.... Leave this script as it is otherwise the program won't pick it up and it won't run. -->..<script language="javascript" type="text/javascript">.. //var $ = function (e) { return document.getElementById(e); }......var blockStart = -1;...var blockCount = -1;......function fillValues()...{....va

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\bootstrap-responsive.css (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	23220
Entropy (8bit):	5.0206455590077885
Encrypted:	false
SSDEEP:	384:yM1758/eDV9grZKb5u5Ru11zNFnyQCglOfWwRnE+A6V22zHtTjg:/8GDV9grZKbgUzWQCglOfWwRnE+/DzNA
MD5:	E46CE2784F902577C2E2858BAF1536F0
SHA1:	B87C9AF4988D92BCFBA4CE80F1BBF267774E115F
SHA-256:	489239002725E88D06FFFC788210A60C249D401F00C2BE2254F130F6251D2002
SHA-512:	B822F632A842A070A2A7FB1CFC7A184CAE6219676273CE63B57096FB0C0F39DA7735EE240BB5652F1AE14238D3494AC930395D936EF5BCB6F7552053D375CDE0
Malicious:	false
Preview:	/!.. Bootstrap Responsive v2.3.1.. .. Copyright 2012 Twitter, Inc.. * Licensed under the Apache License v2.0.. * http://www.apache.org/licenses/LICENSE-2.0.. .. Designed and built with all the love in the world @twitter by @mdo and @fat... /.....clearfix {.. zoom: 1;..}.....clearfix:before,...clearfix:after {.. display: table;.. line-height: 0;.. content: "";..}.....clearfix:after {.. clear: both;..}.....hide-text {.. font: 0/0 a;.. color: transparent;.. text-shadow: none;.. background-color: transparent;.. border: 0;..}.....input-block-level {.. display: block;.. width: 100%;.. min-height: 30px;.. -webkit-box-sizing: border-box;.. -moz-box-sizing: border-box;.. box-sizing: border-box;..}....@-ms-viewport {.. width: device-width;..}.....hidden {.. display: none;.. visibility: hidden;..}.....visible-phone {.. display: none !important;..}.....visible-tablet {.. display: none !important;..}.....hidden-desktop {.. display: none !important;..}....

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\bootstrap-responsive.min.css (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with very long lines (16608), with CRLF line terminators
Category:	dropped
Size (bytes):	16858
Entropy (8bit):	5.2955772749108
Encrypted:	false
SSDEEP:	384:dd7eicOM8quuhu93fUacuMZoUCfl4UX94Vp1XP:dPcVDmfUac1ZQt4UX96L
MD5:	B0C3EF20C73BC861FF157EAB023DD09C
SHA1:	FEE31889CF7E7B1531BF61D8109BE2A6007853D6
SHA-256:	754073D316DAB747E1634E26EE4FB71EBF38314C24701946812C0E7506242560
SHA-512:	CB61A0F24025F2C702E0A5EEC5BA6E94AE108A543C21C61445188C4741DB66A27D7195234D8ED992BCE7793C667F7E4041E2E102C87C55C2070BD608CF8ED2A7
Malicious:	false
Preview:	/!.. Bootstrap Responsive v2.3.1.. .. Copyright 2012 Twitter, Inc.. * Licensed under the Apache License v2.0.. * http://www.apache.org/licenses/LICENSE-2.0.. .. Designed and built with all the love in the world @twitter by @mdo and @fat... /.clearfix{zoom:1}.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}.hide-text{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.input-block-level{display:block;width:100%;min-height:30px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}@-ms-viewport{width:device-width}.hidden{display:none;visibility:hidden}.visible-phone{display:none!important}.visible-tablet{display:none!important}.hidden-desktop{display:none!important}.visible-desktop{display:inherit!important}@media(min-width:768px) and (max-width:979px){.hidden-desktop{display:inherit!important}.visible-desktop{display:none!important}.visible-tablet{display:inherit!importa

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\bootstrap.css (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	133405
Entropy (8bit):	5.11593362125808
Encrypted:	false
SSDEEP:	768:3ofP4Kjze9ROUT1aEXxUKPrsPHOR1sqY+R9Ef:3ofAh9kKHXYORmJf
MD5:	580599C144EF378851955472462F8602
SHA1:	477A15BEDFC71B900F7B623725FC2693E6304AAB
SHA-256:	4DA0DD04B0D7747EB30270FE7758BAC2CBF8371ECA251257553E9B489FD229FD
SHA-512:	4C4D00E70A7C0C6999B237D5466F7EC099B4445BF1A4A9561374D192422C4F41E7C60374BFA0C6DC8D6AF0C8866AE131DD29B82480B60DA93F22108760B1339A
Malicious:	false
Preview:	/!.. Bootstrap v2.3.1.. .. Copyright 2012 Twitter, Inc.. * Licensed under the Apache License v2.0.. * http://www.apache.org/licenses/LICENSE-2.0.. .. Designed and built with all the love in the world @twitter by @mdo and @fat... /.....clearfix {.. zoom: 1;..}.....clearfix:before,...clearfix:after {.. display: table;.. line-height: 0;.. content: "";..}.....clearfix:after {.. clear: both;..}.....hide-text {.. font: 0/0 a;.. color: transparent;.. text-shadow: none;.. background-color: transparent;.. border: 0;..}.....input-block-level {.. display: block;.. width: 100%;.. min-height: 30px;.. -webkit-box-sizing: border-box;.. -moz-box-sizing: border-box;.. box-sizing: border-box;..}....article,..aside,..details,..figcaption,..figure,..footer,..header,..hgroup,..nav,..section {.. display: block;..}....audio,..canvas,..video {.. display: inline-block;.. display: inline;.. zoom: 1;..}....audio:not([controls]) {.. display: none;..}....html {.. font-

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\bootstrap.min.css (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with very long lines (65299), with CRLF line terminators
Category:	dropped
Size (bytes):	105948
Entropy (8bit):	5.180897685194033
Encrypted:	false
SSDEEP:	768:X71A8XpW5b26LVcUFPaDGObYDUXyyRsPJGaPV4LolQdUONA4QFOfUcnvGcJwjuGR:28AHR7aD4DJhzPB2UONAxtjuGR
MD5:	016623C5E5773122D7C2AC3B524DD17C
SHA1:	1ABEFD404CDD720B275CDAFB97D3EE1C87FD97EF
SHA-256:	3349EBED31517ADA35DA5294A520C4A25CB778F58785726E4B0177120FE25501
SHA-512:	C36645B0648A21D7B6F4ABD9C315B5B82EBD3D21B48E8B2184D8333C800F0D9F9256FFC0D862AE9FDC6E15A24B3247251FCA9830869A54865255F2BC6DCCAA61
Malicious:	false
Preview:	/!.. Bootstrap v2.3.1.. .. Copyright 2012 Twitter, Inc.. * Licensed under the Apache License v2.0.. * http://www.apache.org/licenses/LICENSE-2.0.. .. Designed and built with all the love in the world @twitter by @mdo and @fat... /.clearfix{zoom:1}.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}.hide-text{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.input-block-level{display:block;width:100%;min-height:30px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio,canvas,video{display:inline-block;display:inline;zoom:1}audio:not([controls]){display:none}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}a:hover,a:active{outline:0}sub,sup{position:relative

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\is-9Q84H.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with very long lines (65299), with CRLF line terminators
Category:	dropped
Size (bytes):	105948
Entropy (8bit):	5.180897685194033
Encrypted:	false
SSDEEP:	768:X71A8XpW5b26LVcUFPaDGObYDUXyyRsPJGaPV4LolQdUONA4QFOfUcnvGcJwjuGR:28AHR7aD4DJhzPB2UONAxtjuGR
MD5:	016623C5E5773122D7C2AC3B524DD17C
SHA1:	1ABEFD404CDD720B275CDAFB97D3EE1C87FD97EF
SHA-256:	3349EBED31517ADA35DA5294A520C4A25CB778F58785726E4B0177120FE25501
SHA-512:	C36645B0648A21D7B6F4ABD9C315B5B82EBD3D21B48E8B2184D8333C800F0D9F9256FFC0D862AE9FDC6E15A24B3247251FCA9830869A54865255F2BC6DCCAA61
Malicious:	false
Preview:	/!.. Bootstrap v2.3.1.. .. Copyright 2012 Twitter, Inc.. * Licensed under the Apache License v2.0.. * http://www.apache.org/licenses/LICENSE-2.0.. .. Designed and built with all the love in the world @twitter by @mdo and @fat... /.clearfix{zoom:1}.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}.hide-text{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.input-block-level{display:block;width:100%;min-height:30px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio,canvas,video{display:inline-block;display:inline;zoom:1}audio:not([controls]){display:none}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}a:hover,a:active{outline:0}sub,sup{position:relative

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\is-DT30I.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	assembler source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1804
Entropy (8bit):	5.09134159779664
Encrypted:	false
SSDEEP:	48:W/7d3J5Ozvk4QKhQoEXnZBC5UHsUMopRcZbBh:W/RD0HQK6oEXn/wUMLosZ
MD5:	404B511780FED84B57626F82B83CEF70
SHA1:	7AFEE211414F83080C7ABC1B32AC120F144E6681
SHA-256:	D2D92767B7A8743B89368CF353748DA2AAFAA6509375406BC56905F4FC4DAC54
SHA-512:	D210421D09224773EDC7BA6BC1CC1D0E134FDCBB00FB844B9BE8535588E0B8A58AF260B5530284D90DA19FCE74770F985C5E5D197BB0052A07DDD6FDAB4AB31C
Malicious:	false
Preview:	....body {...width: 100%;...height: 100%;...background-color: white;...margin: 0;...padding: 0;......}....div#header {...height: 106px;...background-color: white;...width: 100%;...margin: 0;...padding: 0;...background-image: url(../img/headerbackground.png);...background-repeat: repeat-x; ..}....div#header img {...position:relative;...top: 15px;...left:10px;...transition: left 1s;...-moz-transition: left 1s; /* Firefox 4 /...-webkit-transition: left 1s; / Safari and Chrome /...-o-transition: left 1s; / Opera */..}....div#header h1 {...margin: 0;..}....div#contentHolder {...position: relative;...width:100%;...height: 1000px;...padding-top: 7px;...background-color: rgb(70,70,70);...border-image: url(../img/innerglow.png) 210 / 210px stretch stretch;..}....div#content {...position: relative;...min-height: 750px;...max-height: 1200px;...width: 90%;...margin: 0px auto 0px auto;...-moz-border-radius: 8px;.. -webkit-border-radius: 8px;...border-radius: 8px;...background-color: white;..

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\is-EL75V.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	23220
Entropy (8bit):	5.0206455590077885
Encrypted:	false
SSDEEP:	384:yM1758/eDV9grZKb5u5Ru11zNFnyQCglOfWwRnE+A6V22zHtTjg:/8GDV9grZKbgUzWQCglOfWwRnE+/DzNA
MD5:	E46CE2784F902577C2E2858BAF1536F0
SHA1:	B87C9AF4988D92BCFBA4CE80F1BBF267774E115F
SHA-256:	489239002725E88D06FFFC788210A60C249D401F00C2BE2254F130F6251D2002
SHA-512:	B822F632A842A070A2A7FB1CFC7A184CAE6219676273CE63B57096FB0C0F39DA7735EE240BB5652F1AE14238D3494AC930395D936EF5BCB6F7552053D375CDE0
Malicious:	false
Preview:	/!.. Bootstrap Responsive v2.3.1.. .. Copyright 2012 Twitter, Inc.. * Licensed under the Apache License v2.0.. * http://www.apache.org/licenses/LICENSE-2.0.. .. Designed and built with all the love in the world @twitter by @mdo and @fat... /.....clearfix {.. zoom: 1;..}.....clearfix:before,...clearfix:after {.. display: table;.. line-height: 0;.. content: "";..}.....clearfix:after {.. clear: both;..}.....hide-text {.. font: 0/0 a;.. color: transparent;.. text-shadow: none;.. background-color: transparent;.. border: 0;..}.....input-block-level {.. display: block;.. width: 100%;.. min-height: 30px;.. -webkit-box-sizing: border-box;.. -moz-box-sizing: border-box;.. box-sizing: border-box;..}....@-ms-viewport {.. width: device-width;..}.....hidden {.. display: none;.. visibility: hidden;..}.....visible-phone {.. display: none !important;..}.....visible-tablet {.. display: none !important;..}.....hidden-desktop {.. display: none !important;..}....

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\is-IUM53.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with very long lines (16608), with CRLF line terminators
Category:	dropped
Size (bytes):	16858
Entropy (8bit):	5.2955772749108
Encrypted:	false
SSDEEP:	384:dd7eicOM8quuhu93fUacuMZoUCfl4UX94Vp1XP:dPcVDmfUac1ZQt4UX96L
MD5:	B0C3EF20C73BC861FF157EAB023DD09C
SHA1:	FEE31889CF7E7B1531BF61D8109BE2A6007853D6
SHA-256:	754073D316DAB747E1634E26EE4FB71EBF38314C24701946812C0E7506242560
SHA-512:	CB61A0F24025F2C702E0A5EEC5BA6E94AE108A543C21C61445188C4741DB66A27D7195234D8ED992BCE7793C667F7E4041E2E102C87C55C2070BD608CF8ED2A7
Malicious:	false
Preview:	/!.. Bootstrap Responsive v2.3.1.. .. Copyright 2012 Twitter, Inc.. * Licensed under the Apache License v2.0.. * http://www.apache.org/licenses/LICENSE-2.0.. .. Designed and built with all the love in the world @twitter by @mdo and @fat... /.clearfix{zoom:1}.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}.hide-text{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.input-block-level{display:block;width:100%;min-height:30px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}@-ms-viewport{width:device-width}.hidden{display:none;visibility:hidden}.visible-phone{display:none!important}.visible-tablet{display:none!important}.hidden-desktop{display:none!important}.visible-desktop{display:inherit!important}@media(min-width:768px) and (max-width:979px){.hidden-desktop{display:inherit!important}.visible-desktop{display:none!important}.visible-tablet{display:inherit!importa

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\is-TFM5V.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	133405
Entropy (8bit):	5.11593362125808
Encrypted:	false
SSDEEP:	768:3ofP4Kjze9ROUT1aEXxUKPrsPHOR1sqY+R9Ef:3ofAh9kKHXYORmJf
MD5:	580599C144EF378851955472462F8602
SHA1:	477A15BEDFC71B900F7B623725FC2693E6304AAB
SHA-256:	4DA0DD04B0D7747EB30270FE7758BAC2CBF8371ECA251257553E9B489FD229FD
SHA-512:	4C4D00E70A7C0C6999B237D5466F7EC099B4445BF1A4A9561374D192422C4F41E7C60374BFA0C6DC8D6AF0C8866AE131DD29B82480B60DA93F22108760B1339A
Malicious:	false
Preview:	/!.. Bootstrap v2.3.1.. .. Copyright 2012 Twitter, Inc.. * Licensed under the Apache License v2.0.. * http://www.apache.org/licenses/LICENSE-2.0.. .. Designed and built with all the love in the world @twitter by @mdo and @fat... /.....clearfix {.. zoom: 1;..}.....clearfix:before,...clearfix:after {.. display: table;.. line-height: 0;.. content: "";..}.....clearfix:after {.. clear: both;..}.....hide-text {.. font: 0/0 a;.. color: transparent;.. text-shadow: none;.. background-color: transparent;.. border: 0;..}.....input-block-level {.. display: block;.. width: 100%;.. min-height: 30px;.. -webkit-box-sizing: border-box;.. -moz-box-sizing: border-box;.. box-sizing: border-box;..}....article,..aside,..details,..figcaption,..figure,..footer,..header,..hgroup,..nav,..section {.. display: block;..}....audio,..canvas,..video {.. display: inline-block;.. display: inline;.. zoom: 1;..}....audio:not([controls]) {.. display: none;..}....html {.. font-

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\page.css (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	assembler source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1804
Entropy (8bit):	5.09134159779664
Encrypted:	false
SSDEEP:	48:W/7d3J5Ozvk4QKhQoEXnZBC5UHsUMopRcZbBh:W/RD0HQK6oEXn/wUMLosZ
MD5:	404B511780FED84B57626F82B83CEF70
SHA1:	7AFEE211414F83080C7ABC1B32AC120F144E6681
SHA-256:	D2D92767B7A8743B89368CF353748DA2AAFAA6509375406BC56905F4FC4DAC54
SHA-512:	D210421D09224773EDC7BA6BC1CC1D0E134FDCBB00FB844B9BE8535588E0B8A58AF260B5530284D90DA19FCE74770F985C5E5D197BB0052A07DDD6FDAB4AB31C
Malicious:	false
Preview:	....body {...width: 100%;...height: 100%;...background-color: white;...margin: 0;...padding: 0;......}....div#header {...height: 106px;...background-color: white;...width: 100%;...margin: 0;...padding: 0;...background-image: url(../img/headerbackground.png);...background-repeat: repeat-x; ..}....div#header img {...position:relative;...top: 15px;...left:10px;...transition: left 1s;...-moz-transition: left 1s; /* Firefox 4 /...-webkit-transition: left 1s; / Safari and Chrome /...-o-transition: left 1s; / Opera */..}....div#header h1 {...margin: 0;..}....div#contentHolder {...position: relative;...width:100%;...height: 1000px;...padding-top: 7px;...background-color: rgb(70,70,70);...border-image: url(../img/innerglow.png) 210 / 210px stretch stretch;..}....div#content {...position: relative;...min-height: 750px;...max-height: 1200px;...width: 90%;...margin: 0px auto 0px auto;...-moz-border-radius: 8px;.. -webkit-border-radius: 8px;...border-radius: 8px;...background-color: white;..

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\cwa-convert.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	555520
Entropy (8bit):	6.7113933342053205
Encrypted:	false
SSDEEP:	12288:3nTww4skH2tol+VkVJrDHcSN+cfRf9JsFdwe:3n0nH2toYkVJrD9Z9Js
MD5:	33DD5633F19486728639D92992B080F2
SHA1:	BEDD5820CF9FC7285833AF533C3B08BFA1F4912E
SHA-256:	88CE021A699D591CBAFC1D1211399CB0E9543EB2A6843C4D07707EE374F3C7D5
SHA-512:	5DC1602F017AD27E6F36071AE6BE2A900F9C95AABA46A962AD27A62F70B175617840263D15E0CEB413F8513D2704FEE6CA2A7181D5F8BECD3027DCD15197DA03
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........#..p..p..pLrQp..pLrSph.pLrRp..p.q..p.q..p.q..p.3p..p..p..p..q..p._p..p..q..pRich..p................PE..L...S..[.................:...N...............P....@.......................................@..................................3..(....p...........................6..`)..p............................)..@............P...............................text....8.......:.................. ..`.rdata.......P.......>..............@..@.data...p$...@.......,..............@....rsrc........p.......@..............@..@.reloc...6.......8...B..............@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\cwa-convert.gif (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	GIF image data, version 89a, 128 x 128
Category:	dropped
Size (bytes):	7303
Entropy (8bit):	7.827464019436164
Encrypted:	false
SSDEEP:	192:b8yxqckNOgKtcKdAOs/GOR9nDyoQCl1xdjGTlD/uzcV/:bbx9bSKoHDyoQClExGi/
MD5:	BDFA0CCB43714B182B9EEE4A0CF0DC9A
SHA1:	14AE738BC83FE1004B9879F3BD72100E74E215C1
SHA-256:	ED334BA309B7DC4EB164B135E6EC95AC270767C528C7AB649B2AC8FD7EC5C8CA
SHA-512:	3925369D595CEC2693421FACDBDD76562AD75A56E74C87B41303944A85BECD22A133D3921B02E420E75D63D18953E278E18FB8E4A3CE0CD3FF6F5C7BE516ABC3
Malicious:	false
Preview:	GIF89a.....................xi~................................+5.MV.JU..(.'=.J].....!.3K.AW...)..+..5.8Q.C].DZ.Pg.CU.Zm.Vh.aq.`h.....3../..<..<..D.&L.$G.-Q.3V.:\.5R.>`.Dd.Hg.Ii.Ii.Ki.Kk.Lh.Mk.Ro.Sq.[v.e..w..p..}..t..v.....@d.Ae.Eh.Gk.Gi.Gh.Gk.Im.Ik.Im.Ik.Ko.Km.Kk.Lm.Nn.Or.Rs.Ut.Vx.]\|.Zw.k..`x....Ek.Lp.Jo.b.....e..m..{......z................................................................D.......M...Y....Y..e.5..L.h......2..=..G.Y..i........u..z..\|..~.....w...5..A..@.G.G..V.Q.._.P..o.f..u..u..{......w..v..{............#.~%..+..2..3..9..>.9.=..B..D..D..E..G..G..G.C..I..I.A..L..L..Q..R..V..T..[..c..g..m..s....`...u.q..k...4..B.{5..F..G..I..I..J..K..K..K..N..S..V..[.zO..{....u.........B..M....c.....................................!.......,...............H......\......z4.H.........c.. C...0...?`.@....Cp.....`..Sf.._........C..P../.0H@J..B..Vty...V..:../..]..k..;....A-.0..h.../.0..KX.[.0b...$H..E.K..E....t..C...CO..C.i.@..H.9....

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\cwa-convert.html (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	HTML document, ASCII text, with very long lines (381), with CRLF line terminators
Category:	dropped
Size (bytes):	11977
Entropy (8bit):	5.193366025833501
Encrypted:	false
SSDEEP:	192:kVsDIzjpambe4Ec4h25Uw4aCqtYoqy2qoglZQtpYGTmpo/8pWV9:qtq4Ec4hUr4aLYoqUCX
MD5:	1A82547F921A171DCF86F23191BFD318
SHA1:	1CBE6268FC5FFE12A4A707205D0FCC64866A7236
SHA-256:	E4BD06AA60D4577B6AA586E05EDB9D5B1250599C01C1140C6D88B614B9A0E103
SHA-512:	420651FDEFF17D16307E875CDD632B5CB7ED54E588BFB8D870AB43BC2E4B402913BE748334D431D5CC9F8663F6C680470E71E6BED297623560F09856E2BFDBEE
Malicious:	false
Preview:	<!DOCTYPE html> ..<html>..<meta http-equiv="X-UA-Compatible" content="IE=Edge" />..<meta charset="utf-8">...<title>OpenMovement Converter</title>...<link href="./css/bootstrap-responsive.css" rel="stylesheet">...<link href="./css/bootstrap.css" rel="stylesheet">...<link href="./css/page.css" rel="stylesheet">...<script type="text/javascript" src="./js/jquery.min.js"></script>...<script type="text/javascript" src="./js/bootstrap.js"></script> ...<script type="text/javascript" src="./js/bootstrap.min.js"></script>.....<script language="javascript">..function positionLogo() {...document.getElementById('logo').style.left = document.getElementById('content').offsetLeft + 'px';..}....</script>.... Leave this script as it is otherwise the program won't pick it up and it won't run. -->..<script language="javascript" type="text/javascript">.. //var $ = function (e) { return document.getElementById(e); }......var blockStart = -1;...var blockCount = -1;......function fillValues()...{....va

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\cwa-convert.ico (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3527
Entropy (8bit):	7.81337128585813
Encrypted:	false
SSDEEP:	96:9Ss5YRxkYjabEg39Q5aS4iJ7fPWdSfCwIc31:9Ss5Yrjaob5/VJr+k9
MD5:	CED13F367E9FDF9CB2045DDBFC606D6B
SHA1:	7C872ABCF649631BA513C43621605610D9125E95
SHA-256:	27BC1E463A8F3FD3C193CC5E91A463C356E39D5E81EE45FEDC54BB070B5FC895
SHA-512:	D2F7A6FBE8AD134F2073AEB76BDBF4D06922193275F72CE8DD6288EE026E7EF66410377FEF45F22355A70FCCFBE198379F1D55C4BA5D041DE96CA088B0BBAD0D
Malicious:	false
Preview:	.PNG........IHDR...@...@......iq.... cHRM..z%..............u0...`..:....o._.F....bKGD.......C......pHYs.................vpAg...@...@....`....IDATx...k%wv.?.G..}..j..v.3....!.3a..`<.U..&.@..@.!x.E...l.....<..6.......n...-..V..nK.U../...RU....d ...z.U.\|..T..&4..MhB...&....I.\|..g.q.....E.R..B...!PJ....:q..{.....Zks.Zk.R...xzz...\.~.W_}.O>..w. .Sc.o.V.Ave.>N@..+{}..Y9..Z..`./..w...>.h.Z.....>@)..`0..(.^.>..XQ.Ya.pZ.....,......m..Mk..B......-.S.....O..jS.....g.b.......5..@.....B(.(..8..1f.Z..Q.-.q<..t.. ...d.y.....K.v..crfj.AJ9. ...>_....U^..&ss/...,.Q....Xk.t:...ju.T..!..p^.QsB..... ...c,R..69.x..f...Zbq.......H..!..!.V....!.y...Honn6...Og......oY..8..u.."E..D..k.V:.....0U.>q._\|H..36..+....8..^..c..s.....L....@DQtz...Y...f....{<....._..S.+ ....%..P.....[..l............\..>..\\|.,.\Fk.c........8...(...$.._1.~....$.}.8..8....=juK.\|...-..9......\Xy..2S.@Yp~f.\`.A.s.....G4.^......WQ,.S,,>......wx.w.s.....0...8N.g. [m.+,.h.a._x..[4[..Gq....R(3

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\cwa-convert.plugin (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.980312923623659
Encrypted:	false
SSDEEP:	24:qTLjdsRyeK94A/4VqEQVC/YFTszIRuXgigDDNNjjjvTpxFK8:ELZsRyD9T/4Vqp4AFMouXrYNRjjvTnFb
MD5:	75220D8A8A097043744CC0C7DAE8A059
SHA1:	54BFEF1EEA080EF3343A84FE907462152EA16920
SHA-256:	FF7421F04B2E7E6BC63F319C14D72D9579997E7B0D0E2531998BB8720B629C1B
SHA-512:	F543E061AFF30C5156F79E7DD1AA3404EE6D7F80915746B9BDF87A99FF9084D04794487EF5043A89014833A79A048E2EC30F2F2FAC893D49C1675D5D1CDF3F18
Malicious:	false
Preview:	<?xml version='1.0'?>.. This is a sample XML document -->..<Plugin>...<height>500</height>...<width>700</width>...<runFilePath>cwa-convert.exe</runFilePath>...<htmlFilePath>cwa-convert.html</htmlFilePath>...<savedValuesFilePath>saved.xml</savedValuesFilePath>...<iconName>cwa-convert.ico</iconName>...<description>Converts binary .cwa files to application-friendly formats. Current version supports specifying a time-slice via the data preview pane. Optional output streams (battery, light, temperature). Multiple timestamp formats available.</description>...<fileName>Convert_CWA</fileName>...<readableName>Convert CWA</readableName>...<outputFile>.csv .wav .raw</outputFile>...<inputFile>.cwa</inputFile>...<wantMetadata>true</wantMetadata>...<outputExtensions>....<extension>csv</extension>....<extension>wav</extension>....<extension>raw</extension>...</outputExtensions>...<defaultValues>....<fileStart>fileStart</fileStart>....<fileEnd>fileEnd</fileEnd>...</defaultValues>...<createsOutput>

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\analyze.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 235 x 211, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	29667
Entropy (8bit):	7.9824063070829325
Encrypted:	false
SSDEEP:	768:a35VJEyIjCSfZCM+E0CrmlvyX9bHUQzSUNB:cEfj3t+oCxy9gsn
MD5:	E2750427F8F660E4A6C36328AC604037
SHA1:	67C00EF19383B9D55D403B6955A3D9FE2424A830
SHA-256:	1DA61C3C2417EED94DDA50EDC9809DBF1A81DEF8F8EEB1C577DA6D23B7327ABB
SHA-512:	C4FBC6895D60A661ECA3EEBF9CE93FB62F95D2AEBC281D9C8FA673E71F7541C64DBC1FC7DF661ABB9704473760DC31C42183583B873D774E01847D04BA395B94
Malicious:	false
Preview:	.PNG........IHDR.............`#......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\background left.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 270 x 768, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	10675
Entropy (8bit):	7.855792547882974
Encrypted:	false
SSDEEP:	192:QSDS0tKg9E05TV3AhGhrR2ER422yJGMSfGsxKhe:3JXE05/2ER3tSfGEEe
MD5:	6622F06BA0239A047BA5F75DE1E40935
SHA1:	CBBD0EBE6B97427789888EC9826490687B6705B2
SHA-256:	2B16813F80DEF0F4569B88FDE041FA58BCE96C24221436E994EE265801BF225D
SHA-512:	D7693BFBE7A5311D375EC8D6920D411F5FC0FFE63E3FF33F50526F095C986B33AA494060D0661EBC359C408DDEBEABC5484E3EFF79DB944563A1D0FDE7B499F1
Malicious:	false
Preview:	.PNG........IHDR.............ZF......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\background middle.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 787 x 768, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	4140
Entropy (8bit):	5.514702010098084
Encrypted:	false
SSDEEP:	96:NxQY9fW/9RIAAssrTAdZR2zqq11AAssKAxaWsYecssHGGmqq11AAsssHGmqqq11r:NxU/DIAAss+ZR2zqq11AAssKAxaW1ss6
MD5:	C2E958A624B5FABD241277E3E693F4A2
SHA1:	BC3C845E83FB79EC5331090E3E634CC69F3E2B6A
SHA-256:	81C38EBE8D0C41BDCEBD42CD7A09F8537C1B0BD8131019C7C885ABBE94AEAA39
SHA-512:	2FAAE2695C6DD4386C0BD690364B54BD2E9F464BAFDECF05FD69E693941CD25BBD25A044827154308A8E39080AA2712D2451B34C6077229718FAF90D729FE33D
Malicious:	false
Preview:	.PNG........IHDR..............z.2....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:BCF20EC0435BE211BC1DEA2D3863842E" xmpMM:DocumentID="xmp.did:D6A421B3609B11E2AFD8AC757B891629" xmpMM:InstanceID="xmp.iid:D6A421B2609B11E2AFD8AC757B891629" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A74E67B6215FE211AC06F9441A82FEFD" stRef:documentID="xmp.did:BCF20EC0435BE211BC1DEA2D3863842E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..A....\IDATx....m.P.E...M..'t....=R.d.)....>..\|>.

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\background right.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 309 x 768, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	11142
Entropy (8bit):	7.861240065287498
Encrypted:	false
SSDEEP:	192:WSDS0tKg9E05TevtvtvcApAc/oOv7H14UyaNsbpubpApApz/MKopuTPf+lPBXqvS:5JXE05C11OkSvaNsbhpuTPfSPg11Z11I
MD5:	B71602511773A60551F70AA9BC6049DE
SHA1:	D3EFDB13568ACD0AF71743B9CA24F7B3E3D0ABD3
SHA-256:	A1E56FB8C8357790AD47FD5A88C61148CF5F90E8586917F22EC3745B5069B503
SHA-512:	B7A1433310BCEA55234A64D9F2BBA5612BB0CFF1832490A7BF7CB604747030A3759F92CC121A5BFD1CD1AAAFE324C9183890CC9CDE74F6B070F8628DE3A5FDEE
Malicious:	false
Preview:	.PNG........IHDR...5..........Ugd....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\buttonbackground.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 79 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3829
Entropy (8bit):	7.9044616542640895
Encrypted:	false
SSDEEP:	96:/SDZ/I09Da01l+gmkyTt6Hk8nTCaFhlF27faJPeDVjj:/SDS0tKg9E05TTF2fCPcVjj
MD5:	E68A8E1C7F662733E05A9E19170BB9DA
SHA1:	7F54242A562B045DCEC592D42ABCA3C0CE684163
SHA-256:	62EEA2930A491164035CE649F74F9A726374BB206C3CC51872F0EBE312C178DD
SHA-512:	507C83791E4C4623396AE8143502D574600D2D1974087312C42D901ED744FA41F34366D31586C441B23A28CF3E68710C51244DB4B9ADA4014016E70BE743ECAF
Malicious:	false
Preview:	.PNG........IHDR...O.................pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\buttonshadow.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 233 x 103, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3665
Entropy (8bit):	7.900185350830456
Encrypted:	false
SSDEEP:	96:tSDZ/I09Da01l+gmkyTt6Hk8nTWRi4KxpbF1b:tSDS0tKg9E05TWRipbF1b
MD5:	431CAB7131EB26A7694DFDCE34ACDD8D
SHA1:	7081BAD951A7C71DF8D630AE550F6E1C52654FDE
SHA-256:	CC097EB188ED451F866F863A96C93B8B717EDB0D2C443C5AC0EDC8D6A74C8738
SHA-512:	18515EF1F5CFC6F285C0E7C21383C21B8A419A75FE050529531636CF2EB1B58C78344EE7DDC896A065EB73044A4D531223E2EA6C4862EDA209B4C1B3427F9111
Malicious:	false
Preview:	.PNG........IHDR.......g......eK....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\buttonshadows.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 815 x 103, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4880
Entropy (8bit):	7.84900618092586
Encrypted:	false
SSDEEP:	96:USDZ/I09Da01l+gmkyTt6Hk8nT8VcdaI9R8nG5dNG:USDS0tKg9E05T8lER8G1G
MD5:	A94D4D23AC6EA1919A7F5F19E99EDA99
SHA1:	EAC2FFD53CEFEAAF7BBAE0CAF8A65DCECEB0B6DD
SHA-256:	B3E58EE57FDBE008453B6E2D7F75A448754A99754D57FFFF9A8F02A020DB00FF
SHA-512:	028C38AB9D20AFC278C6E7BD6918483E9A42AE4BB55331310E74CABF65AA59753E191478EF348C8991A9E72FA858AA5FA4198D87791537A0EC5752955964CF0F
Malicious:	false
Preview:	.PNG........IHDR.../...g.......}.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\contentbackground.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1 x 390, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2924
Entropy (8bit):	7.875020015401922
Encrypted:	false
SSDEEP:	48:p/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODezW:pSDZ/I09Da01l+gmkyTt6Hk8nTGW
MD5:	32E42A30831D0CCB44FF3C23F84D69FA
SHA1:	D5B884320A01E5C51E190FDD6E6ED1C8DBEEA7CE
SHA-256:	22C91ADA2FCF30B9CB358FF18347B7EFD79A5BA3F2AE3C24FD6B0FE9BD851E69
SHA-512:	BAA928F9B5E51885332B4BAED3C4CB0E6596422736E10600B817ACE0B3C1C3FB39DC16E0EAE70DC95F4EE8134643F8126BD7B43E418C34B79E56C064B9BDCEDA
Malicious:	false
Preview:	.PNG........IHDR.............5.\|.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\contentbackground428.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 2 x 1000, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3297
Entropy (8bit):	7.890112387496165
Encrypted:	false
SSDEEP:	96:dSDZ/I09Da01l+gmkyTt6Hk8nTDBdUEF5vczDo:dSDS0tKg9E05T3UE50g
MD5:	A4AB2D64E4DC771743B6293E303A1B60
SHA1:	883845E2D570FAFFE095D27940F9C081213665D9
SHA-256:	75499938CFBE25364B01DBCF686371BB2EB0ABEFB4AAEA2BB9EB8357B9140FA0
SHA-512:	DDC4098359F452FFFEBCF793597E1BA31AC9254ECE2BFD898BFD35236F342677A8436669AEB9F2F02EB8CDACDD9946052EB47FCEC3C61C50FD506D51059CA9C7
Malicious:	false
Preview:	.PNG........IHDR............../]....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\contentshadow.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 871 x 14, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4635
Entropy (8bit):	7.912550011635644
Encrypted:	false
SSDEEP:	96:qSDZ/I09Da01l+gmkyTt6Hk8nTilrjaHqiwp/9p3x:qSDS0tKg9E05Ti9jRVn
MD5:	490AB873EE03CA84F9D3DAB627B687EE
SHA1:	72EE8D63AC23FF7E01CE0512A3A04682B7B70A7A
SHA-256:	52B69E251F97C56B71B337A20086E99BB9C2F6538FDF9E7E531F97D9ED273672
SHA-512:	1E05174427162C75DE38FD27E0E8698A426646B1452A596BE54C6D466EBA9CF0A50BC4F744F027192EBBBE1BDCDCEE52C55AB990F7D3D212869DF6FFE2289CD7
Malicious:	false
Preview:	.PNG........IHDR...g..........Xdj....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\day.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 79 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4500
Entropy (8bit):	7.923978058897863
Encrypted:	false
SSDEEP:	96:/SDZ/I09Da01l+gmkyTt6Hk8nTvkQZlXRrwPgZVxV6bMY:/SDS0tKg9E05TvkQZlXxwIZVx0bMY
MD5:	009F1D5F8EF77487A8A0043816C4C995
SHA1:	D816A6017D610A005798FAE6B8139E2BC6006381
SHA-256:	C5F8B401CF15110E9EB4EC9EF28EC577A4A9A49F5744A0451D0E25F90B64467C
SHA-512:	88112FA3A1B44C8382B1CDAA9CEF69ED6DE83A50F190E9A55EF28B6B2C11AE3F6BB7C9B9E94E9E1F4999E8259A4B5F217F35BF043F22443713BBA16C9F51E3F2
Malicious:	false
Preview:	.PNG........IHDR...O.................pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\glyphicons-halflings-white.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 469 x 159, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	8777
Entropy (8bit):	7.923998391913574
Encrypted:	false
SSDEEP:	192:41MFu/STZChMGLw/LtI30ukSCeQm9F+xZdqdfQpTTTIyQY7thi7uWB:iMdZ/GLILBmWEiTTTIyQY5hi71
MD5:	9BBC6E9602998A385C2EA13DF56470FD
SHA1:	A25C4705320FD63C33790E666872910E702B9BF6
SHA-256:	F0E0D95A9C8ABCDFABF46348E2D4285829BB0491F5F6AF0E05AF52BFFB6324C4
SHA-512:	47853ECE55B43CB9CC33C8BBFAABF407389565A0FC1FD042FAC502EA96784B4CFC985EA536622843EF7FAB76AD503157C927BB57332D970AF9B3F092E4C9D5D8
Malicious:	false
Preview:	.PNG........IHDR...............{....PLTE........................mmm.................................................................................................................................................................ttt.........................bbb..................................................................eeeggg.....................................xxx...........................................................................................................................................................................................................................................................................................UUU...............................................................................................rO.....tRNS........#.._../.........o.S..?.....C..kD....O.S._........6..>4!~a..@1.._'o..n.....M...3.BQj..p&%!.l.."Xqr;... A[.<`.am}4.3/0I...PCM!6(*gK&YQ.GDP,..`.{.VP.-..x.)h.7.e1]...W..$..1..b.zS.c.O..].....U.;Zi<N#..).86pV.

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\glyphicons-halflings.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 469 x 159, 8-bit gray+alpha, non-interlaced
Category:	dropped
Size (bytes):	12799
Entropy (8bit):	7.954371008999522
Encrypted:	false
SSDEEP:	192:CDrgTE80fO3w9Gw/gMmhqb/KEliZ5pjSWw5JTfvJRbNn1tgbn+qFynb21kt1kIhL:CfAc9GugMIQRl65AJzp1aoFt1gk
MD5:	2516339970D710819585F90773AEBE0A
SHA1:	84F613631B07D4FE22ACBAB50E551C0FE04BD78B
SHA-256:	D99E3FA32C641032F08149914B28C2DC6ACF2EC62F70987F2259EABBFA7FC0DE
SHA-512:	E1BB0066E619679B880F43E85C3367C57CD13411AB012A67E429B21E7FF80A1A5B8F1EB5BFAC4CC272EB2BB606341182E91FF1CF7D59CF8BD811D98EAFD71D5C
Malicious:	false
Preview:	.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<..1.IDATx..}ml\E..W..^..D$\|n.w'..;v...8.m0..k<f.8....<.h3$.. ...b,mn.... ........0...L Y`6s'.>...Q.........S......n.S.V.;1K.G...s...>Uo...TU.1c..Yu...c..a&...#C,p.....>k.......U.LW..-s.n.3V.q..~N....o...c...I.~L.....{..-....H8%_..M..w.B..6EW..,.p.......Y...2+.(Y....@..&..A./.......3kX.h....-.a.....A....<>P...'\...J.;(.}.#..Qz......:4..%m?nf.ntK.....l.9J...+.D..I..Yu1Y...Z^..(.]YYE..f@......lX..z].U.t......u...&..5-P...W.}..@t.\|.#L..Y..=..s.......,w#.+.R.+.?..a.x...X.0.."..ea).t.G....wV..w..V^...rf%xB.(.q..4>....W.G.#...lW.U<......XJV...l.....R...$k.DVr.I....7:.X<.s>%X.1...N..Ez....w...;y..9.z.9.O.%.~..~..u....*.=.....I..x.c.y}....Y(...o....u..N$.^..j......e\..iX...]..;Y-.r........&..>.!..zl.Y.aVHVN..9=..]..=.......mR..M......d...OU.C..J.UiT.}r.W...W'....u..).......F"YU.#..P......&......R.O....wyz..m..$...O.....s? +^.FT.....I.E.q.%..&.....~..>.M...}]......w..A...?.

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\gradientgraph.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 947 x 390, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	117264
Entropy (8bit):	7.985263256233834
Encrypted:	false
SSDEEP:	1536:YtYlb2phWm3koaEMEYkgaV1zqVj8djBOqPl8s8lW0Yo7M3R4ZQ7higKwTIKuz1Md:E3TTWfkgYhqV2sqt8nW0Yo7+RYgwywk
MD5:	07C120F2FD1D279B30068C00AE5DC4EE
SHA1:	FB8F3101EDB6D41B6BEAAFDA7B6FCE100CA3E2C9
SHA-256:	0D13B0049DB8639F203B8A5DA7E4E8BFFCDE518CA0E87C6435C4293177AB5867
SHA-512:	BA62884DF4959FFFD26179047A16A1229098B6F7C37A6D735AD7942116D9AC7562B593875AF84C5726BFF80E9D91758DA52AEC07ED16CF2A0BC25CE57CB0D41E
Malicious:	false
Preview:	.PNG........IHDR..............6.X....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\gradientgraphsmall.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 250 x 103, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10489
Entropy (8bit):	7.965741081358159
Encrypted:	false
SSDEEP:	192:ASDS0tKg9E05Tantmof5IQV5UQbl/Ewe8k4vtX93UpauhqTNf1rPJf:nJXE05SthXRdEwWEVhKDar5
MD5:	6223ACD59C394F90D91F29CE41D70D83
SHA1:	061609B97F9027A00D5607C71041F77F4B62D458
SHA-256:	9F4ABA4B940439681C0499349F3BE94642C858FA548E152EBA13A107F8FDA772
SHA-512:	7BB4039670205454920DC3B2904F63A10E1A73FC8C0F02F4013619883A56A662E30F9232C7AB2B6891628F48BAED2DA7497B11C9FDEBD55DCE6381CB44D7EEB5
Malicious:	false
Preview:	.PNG........IHDR.......g.....)._.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\gridcontent.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 947 x 372, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	22359
Entropy (8bit):	7.7127315592693435
Encrypted:	false
SSDEEP:	384:QJXE05wJf+JX2w/e6iAWO9cDrMac3OkjlCqoPusVN3hIITl3rM3idF539dpXCxRT:M354o2w/e6iAfe/Ds7oPusL3hrTl3XZg
MD5:	931C86E8F1199B0F9E0F260E8D92E1F2
SHA1:	9A3DE2269005DCBFE6D420F522D2D72485B1D78B
SHA-256:	F79B831CBE2D4F37D5C6839513C9F8DA481CE6D463AFEECD77D72E36ECF85477
SHA-512:	47DF3058C52FFDE61B6B0C6AC721B0AD29A84805B6693DFC311DD1241AB43B6943B4BBA6D42D7554278582405A2AC55482FC4A69D01C87C31932354CC3702C59
Malicious:	false
Preview:	.PNG........IHDR.......t......lnJ....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\headerbackground.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1 x 106, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2852
Entropy (8bit):	7.867842123870298
Encrypted:	false
SSDEEP:	48:J/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODK0:JSDZ/I09Da01l+gmkyTt6Hk8nTX
MD5:	AD8AB8C5E19A7B24E060E9C6B4A8C13D
SHA1:	3553B00745DB1BC65E8AD0A224BBC49ECCEECA6F
SHA-256:	117BD3E359D760CB12B5B3F6865FA125A801269523A851542989D91413DC7A3E
SHA-512:	1CD55120C2761ECF272466B6A2E4A9568A891D209ECDF5FA5EEA5307D4DB7105898F31C2C680C621657DF7CDB2F38D606CA13684184B3A301F2166329401878D
Malicious:	false
Preview:	.PNG........IHDR.......j......D.G....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\innerglow.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1366 x 1100, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	29493
Entropy (8bit):	7.392034002277657
Encrypted:	false
SSDEEP:	768:s35g9ZhweCCYKdYk1oMnG9GZNYlKU/KNs:dZFdYKYEoMnG9GZl0Ki
MD5:	12CAD92A07320280831AC634DEAE61FE
SHA1:	D0F827A47195F5D252F865B1E1E5A75367537027
SHA-256:	0D1C39FD6E82E138B9EEE5B7650A552C9ACBA2F39A6F17F987441CD7AF853E02
SHA-512:	29DFE8D6D9508E7E9698FAD768208526C1BDB2E5A1C0197D3989FA63BD7F44FB6071C7486CEED15FF87B86E0532643CE08A29B365EECB9FBA30033ED7EBBC5CF
Malicious:	false
Preview:	.PNG........IHDR...V...L......a_.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-2LF35.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 301 x 55, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	7621
Entropy (8bit):	7.950162226593725
Encrypted:	false
SSDEEP:	192:/SDS0tKg9E05TLoQjvrVJ401yyFFuKacEsBK:qJXE05v3BuyyYFFEAK
MD5:	805B09E6CFFE2948E891319A5329B03B
SHA1:	C402A1E1C5C2C839E9E3AE444D452D6EBCFA863C
SHA-256:	E52721BF4652B39B3D017E26866E86320B76DC358214B157D86B3DC58334750B
SHA-512:	A23AC19A36D67242FF944B463A1B9695C4B6DE8362B3328A88E7E05DE812C3AAAD8E4D698E2CAEE6ADA0EB0BAB1F287248FF4C31CA80BBD2718FD5103179699B
Malicious:	false
Preview:	.PNG........IHDR...-...7.....Y.......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-3OVVV.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 79 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4500
Entropy (8bit):	7.923978058897863
Encrypted:	false
SSDEEP:	96:/SDZ/I09Da01l+gmkyTt6Hk8nTvkQZlXRrwPgZVxV6bMY:/SDS0tKg9E05TvkQZlXxwIZVx0bMY
MD5:	009F1D5F8EF77487A8A0043816C4C995
SHA1:	D816A6017D610A005798FAE6B8139E2BC6006381
SHA-256:	C5F8B401CF15110E9EB4EC9EF28EC577A4A9A49F5744A0451D0E25F90B64467C
SHA-512:	88112FA3A1B44C8382B1CDAA9CEF69ED6DE83A50F190E9A55EF28B6B2C11AE3F6BB7C9B9E94E9E1F4999E8259A4B5F217F35BF043F22443713BBA16C9F51E3F2
Malicious:	false
Preview:	.PNG........IHDR...O.................pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-59SF1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1 x 106, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2852
Entropy (8bit):	7.867842123870298
Encrypted:	false
SSDEEP:	48:J/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODK0:JSDZ/I09Da01l+gmkyTt6Hk8nTX
MD5:	AD8AB8C5E19A7B24E060E9C6B4A8C13D
SHA1:	3553B00745DB1BC65E8AD0A224BBC49ECCEECA6F
SHA-256:	117BD3E359D760CB12B5B3F6865FA125A801269523A851542989D91413DC7A3E
SHA-512:	1CD55120C2761ECF272466B6A2E4A9568A891D209ECDF5FA5EEA5307D4DB7105898F31C2C680C621657DF7CDB2F38D606CA13684184B3A301F2166329401878D
Malicious:	false
Preview:	.PNG........IHDR.......j......D.G....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-6385D.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 79 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4472
Entropy (8bit):	7.920666209153228
Encrypted:	false
SSDEEP:	96:/SDZ/I09Da01l+gmkyTt6Hk8nT1f7miiCi6BgEkvmfwXh/so3t6H:/SDS0tKg9E05T1Siit0wXmoC
MD5:	F4ABDED60BBDC1A7F80B1AE87558087D
SHA1:	8118D40BE94EE3105AD06704F14697D6F4FB71F7
SHA-256:	ACBCEA1C5EC39151D6EFF46446B3658F74A57E920C83F0CCC4345B0E4825F501
SHA-512:	54CAE30E9D72908476FCDB9A2FFA5B878EFB923A6DC72F1A6C740965CE2E652386DF11A20B83281363ED104A4A10D79EAAE4FF662EB76E4153FAEB176620AA66
Malicious:	false
Preview:	.PNG........IHDR...O.................pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-8BUNF.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 233 x 103, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3665
Entropy (8bit):	7.900185350830456
Encrypted:	false
SSDEEP:	96:tSDZ/I09Da01l+gmkyTt6Hk8nTWRi4KxpbF1b:tSDS0tKg9E05TWRipbF1b
MD5:	431CAB7131EB26A7694DFDCE34ACDD8D
SHA1:	7081BAD951A7C71DF8D630AE550F6E1C52654FDE
SHA-256:	CC097EB188ED451F866F863A96C93B8B717EDB0D2C443C5AC0EDC8D6A74C8738
SHA-512:	18515EF1F5CFC6F285C0E7C21383C21B8A419A75FE050529531636CF2EB1B58C78344EE7DDC896A065EB73044A4D531223E2EA6C4862EDA209B4C1B3427F9111
Malicious:	false
Preview:	.PNG........IHDR.......g......eK....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-8IRJL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 250 x 103, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10489
Entropy (8bit):	7.965741081358159
Encrypted:	false
SSDEEP:	192:ASDS0tKg9E05Tantmof5IQV5UQbl/Ewe8k4vtX93UpauhqTNf1rPJf:nJXE05SthXRdEwWEVhKDar5
MD5:	6223ACD59C394F90D91F29CE41D70D83
SHA1:	061609B97F9027A00D5607C71041F77F4B62D458
SHA-256:	9F4ABA4B940439681C0499349F3BE94642C858FA548E152EBA13A107F8FDA772
SHA-512:	7BB4039670205454920DC3B2904F63A10E1A73FC8C0F02F4013619883A56A662E30F9232C7AB2B6891628F48BAED2DA7497B11C9FDEBD55DCE6381CB44D7EEB5
Malicious:	false
Preview:	.PNG........IHDR.......g.....)._.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-9UA5Q.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 79 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3829
Entropy (8bit):	7.9044616542640895
Encrypted:	false
SSDEEP:	96:/SDZ/I09Da01l+gmkyTt6Hk8nTCaFhlF27faJPeDVjj:/SDS0tKg9E05TTF2fCPcVjj
MD5:	E68A8E1C7F662733E05A9E19170BB9DA
SHA1:	7F54242A562B045DCEC592D42ABCA3C0CE684163
SHA-256:	62EEA2930A491164035CE649F74F9A726374BB206C3CC51872F0EBE312C178DD
SHA-512:	507C83791E4C4623396AE8143502D574600D2D1974087312C42D901ED744FA41F34366D31586C441B23A28CF3E68710C51244DB4B9ADA4014016E70BE743ECAF
Malicious:	false
Preview:	.PNG........IHDR...O.................pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-AC922.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 815 x 103, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4880
Entropy (8bit):	7.84900618092586
Encrypted:	false
SSDEEP:	96:USDZ/I09Da01l+gmkyTt6Hk8nT8VcdaI9R8nG5dNG:USDS0tKg9E05T8lER8G1G
MD5:	A94D4D23AC6EA1919A7F5F19E99EDA99
SHA1:	EAC2FFD53CEFEAAF7BBAE0CAF8A65DCECEB0B6DD
SHA-256:	B3E58EE57FDBE008453B6E2D7F75A448754A99754D57FFFF9A8F02A020DB00FF
SHA-512:	028C38AB9D20AFC278C6E7BD6918483E9A42AE4BB55331310E74CABF65AA59753E191478EF348C8991A9E72FA858AA5FA4198D87791537A0EC5752955964CF0F
Malicious:	false
Preview:	.PNG........IHDR.../...g.......}.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-AJIG5.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 787 x 768, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	4140
Entropy (8bit):	5.514702010098084
Encrypted:	false
SSDEEP:	96:NxQY9fW/9RIAAssrTAdZR2zqq11AAssKAxaWsYecssHGGmqq11AAsssHGmqqq11r:NxU/DIAAss+ZR2zqq11AAssKAxaW1ss6
MD5:	C2E958A624B5FABD241277E3E693F4A2
SHA1:	BC3C845E83FB79EC5331090E3E634CC69F3E2B6A
SHA-256:	81C38EBE8D0C41BDCEBD42CD7A09F8537C1B0BD8131019C7C885ABBE94AEAA39
SHA-512:	2FAAE2695C6DD4386C0BD690364B54BD2E9F464BAFDECF05FD69E693941CD25BBD25A044827154308A8E39080AA2712D2451B34C6077229718FAF90D729FE33D
Malicious:	false
Preview:	.PNG........IHDR..............z.2....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:BCF20EC0435BE211BC1DEA2D3863842E" xmpMM:DocumentID="xmp.did:D6A421B3609B11E2AFD8AC757B891629" xmpMM:InstanceID="xmp.iid:D6A421B2609B11E2AFD8AC757B891629" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A74E67B6215FE211AC06F9441A82FEFD" stRef:documentID="xmp.did:BCF20EC0435BE211BC1DEA2D3863842E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..A....\IDATx....m.P.E...M..'t....=R.d.)....>..\|>.

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-B43B8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 2 x 1000, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3297
Entropy (8bit):	7.890112387496165
Encrypted:	false
SSDEEP:	96:dSDZ/I09Da01l+gmkyTt6Hk8nTDBdUEF5vczDo:dSDS0tKg9E05T3UE50g
MD5:	A4AB2D64E4DC771743B6293E303A1B60
SHA1:	883845E2D570FAFFE095D27940F9C081213665D9
SHA-256:	75499938CFBE25364B01DBCF686371BB2EB0ABEFB4AAEA2BB9EB8357B9140FA0
SHA-512:	DDC4098359F452FFFEBCF793597E1BA31AC9254ECE2BFD898BFD35236F342677A8436669AEB9F2F02EB8CDACDD9946052EB47FCEC3C61C50FD506D51059CA9C7
Malicious:	false
Preview:	.PNG........IHDR............../]....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-BRAT2.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 469 x 159, 8-bit gray+alpha, non-interlaced
Category:	dropped
Size (bytes):	12799
Entropy (8bit):	7.954371008999522
Encrypted:	false
SSDEEP:	192:CDrgTE80fO3w9Gw/gMmhqb/KEliZ5pjSWw5JTfvJRbNn1tgbn+qFynb21kt1kIhL:CfAc9GugMIQRl65AJzp1aoFt1gk
MD5:	2516339970D710819585F90773AEBE0A
SHA1:	84F613631B07D4FE22ACBAB50E551C0FE04BD78B
SHA-256:	D99E3FA32C641032F08149914B28C2DC6ACF2EC62F70987F2259EABBFA7FC0DE
SHA-512:	E1BB0066E619679B880F43E85C3367C57CD13411AB012A67E429B21E7FF80A1A5B8F1EB5BFAC4CC272EB2BB606341182E91FF1CF7D59CF8BD811D98EAFD71D5C
Malicious:	false
Preview:	.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<..1.IDATx..}ml\E..W..^..D$\|n.w'..;v...8.m0..k<f.8....<.h3$.. ...b,mn.... ........0...L Y`6s'.>...Q.........S......n.S.V.;1K.G...s...>Uo...TU.1c..Yu...c..a&...#C,p.....>k.......U.LW..-s.n.3V.q..~N....o...c...I.~L.....{..-....H8%_..M..w.B..6EW..,.p.......Y...2+.(Y....@..&..A./.......3kX.h....-.a.....A....<>P...'\...J.;(.}.#..Qz......:4..%m?nf.ntK.....l.9J...+.D..I..Yu1Y...Z^..(.]YYE..f@......lX..z].U.t......u...&..5-P...W.}..@t.\|.#L..Y..=..s.......,w#.+.R.+.?..a.x...X.0.."..ea).t.G....wV..w..V^...rf%xB.(.q..4>....W.G.#...lW.U<......XJV...l.....R...$k.DVr.I....7:.X<.s>%X.1...N..Ez....w...;y..9.z.9.O.%.~..~..u....*.=.....I..x.c.y}....Y(...o....u..N$.^..j......e\..iX...]..;Y-.r........&..>.!..zl.Y.aVHVN..9=..]..=.......mR..M......d...OU.C..J.UiT.}r.W...W'....u..).......F"YU.#..P......&......R.O....wyz..m..$...O.....s? +^.FT.....I.E.q.%..&.....~..>.M...}]......w..A...?.

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-C9485.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 947 x 372, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	22359
Entropy (8bit):	7.7127315592693435
Encrypted:	false
SSDEEP:	384:QJXE05wJf+JX2w/e6iAWO9cDrMac3OkjlCqoPusVN3hIITl3rM3idF539dpXCxRT:M354o2w/e6iAfe/Ds7oPusL3hrTl3XZg
MD5:	931C86E8F1199B0F9E0F260E8D92E1F2
SHA1:	9A3DE2269005DCBFE6D420F522D2D72485B1D78B
SHA-256:	F79B831CBE2D4F37D5C6839513C9F8DA481CE6D463AFEECD77D72E36ECF85477
SHA-512:	47DF3058C52FFDE61B6B0C6AC721B0AD29A84805B6693DFC311DD1241AB43B6943B4BBA6D42D7554278582405A2AC55482FC4A69D01C87C31932354CC3702C59
Malicious:	false
Preview:	.PNG........IHDR.......t......lnJ....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-E2TEP.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 469 x 159, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	8777
Entropy (8bit):	7.923998391913574
Encrypted:	false
SSDEEP:	192:41MFu/STZChMGLw/LtI30ukSCeQm9F+xZdqdfQpTTTIyQY7thi7uWB:iMdZ/GLILBmWEiTTTIyQY5hi71
MD5:	9BBC6E9602998A385C2EA13DF56470FD
SHA1:	A25C4705320FD63C33790E666872910E702B9BF6
SHA-256:	F0E0D95A9C8ABCDFABF46348E2D4285829BB0491F5F6AF0E05AF52BFFB6324C4
SHA-512:	47853ECE55B43CB9CC33C8BBFAABF407389565A0FC1FD042FAC502EA96784B4CFC985EA536622843EF7FAB76AD503157C927BB57332D970AF9B3F092E4C9D5D8
Malicious:	false
Preview:	.PNG........IHDR...............{....PLTE........................mmm.................................................................................................................................................................ttt.........................bbb..................................................................eeeggg.....................................xxx...........................................................................................................................................................................................................................................................................................UUU...............................................................................................rO.....tRNS........#.._../.........o.S..?.....C..kD....O.S._........6..>4!~a..@1.._'o..n.....M...3.BQj..p&%!.l.."Xqr;... A[.<`.am}4.3/0I...PCM!6(*gK&YQ.GDP,..`.{.VP.-..x.)h.7.e1]...W..$..1..b.zS.c.O..].....U.;Zi<N#..).86pV.

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-EDUOE.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 79 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4680
Entropy (8bit):	7.929050221960049
Encrypted:	false
SSDEEP:	96:/SDZ/I09Da01l+gmkyTt6Hk8nT7XTm4V+UuyvTh1PUJY:/SDS0tKg9E05T7XTm8puyv1yJY
MD5:	69E0B7D8FAA49E5AD1A57D910A990C14
SHA1:	F6205CF0A72590EB48F1311C1A51623D054FA2AC
SHA-256:	96786E42B70A880F83143FF0D952354DE30B9B51B0F28D36381E49D7ADFE3464
SHA-512:	5936D03CC1CC302497A955F1388EEC3C73BBE12B42CAF124A5D0EA0808B67AD7E84C71D3BF06E0AF12E7AA56976CBC1ED1DCF25E6236FB88E0F962243604D0C5
Malicious:	false
Preview:	.PNG........IHDR...O.................pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-KCUIK.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1366 x 1100, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	29493
Entropy (8bit):	7.392034002277657
Encrypted:	false
SSDEEP:	768:s35g9ZhweCCYKdYk1oMnG9GZNYlKU/KNs:dZFdYKYEoMnG9GZl0Ki
MD5:	12CAD92A07320280831AC634DEAE61FE
SHA1:	D0F827A47195F5D252F865B1E1E5A75367537027
SHA-256:	0D1C39FD6E82E138B9EEE5B7650A552C9ACBA2F39A6F17F987441CD7AF853E02
SHA-512:	29DFE8D6D9508E7E9698FAD768208526C1BDB2E5A1C0197D3989FA63BD7F44FB6071C7486CEED15FF87B86E0532643CE08A29B365EECB9FBA30033ED7EBBC5CF
Malicious:	false
Preview:	.PNG........IHDR...V...L......a_.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-M3OPP.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 947 x 390, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	117264
Entropy (8bit):	7.985263256233834
Encrypted:	false
SSDEEP:	1536:YtYlb2phWm3koaEMEYkgaV1zqVj8djBOqPl8s8lW0Yo7M3R4ZQ7higKwTIKuz1Md:E3TTWfkgYhqV2sqt8nW0Yo7+RYgwywk
MD5:	07C120F2FD1D279B30068C00AE5DC4EE
SHA1:	FB8F3101EDB6D41B6BEAAFDA7B6FCE100CA3E2C9
SHA-256:	0D13B0049DB8639F203B8A5DA7E4E8BFFCDE518CA0E87C6435C4293177AB5867
SHA-512:	BA62884DF4959FFFD26179047A16A1229098B6F7C37A6D735AD7942116D9AC7562B593875AF84C5726BFF80E9D91758DA52AEC07ED16CF2A0BC25CE57CB0D41E
Malicious:	false
Preview:	.PNG........IHDR..............6.X....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-MJ4OT.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 79 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4700
Entropy (8bit):	7.921737244447786
Encrypted:	false
SSDEEP:	96:/SDZ/I09Da01l+gmkyTt6Hk8nTz1fGKp/56ylQ4k5QqkchRUtWvfK9:/SDS0tKg9E05TZVpR64XnfOK9
MD5:	417EC14380DFA07363B746B85CAD5BCF
SHA1:	2E3605AEAFF77E9B82BA6E36081DFF575D72C1B3
SHA-256:	29346EF5C0DAEE9E69313CDE4AD321099E806B2A787AF225D84A758C4052C631
SHA-512:	F2677219735E6302C4390811B167A61721562FF76918A885DFE6D97DB9DA6D618FC98D277408876FD9A03F11CB5B3EB79F80C58650ED78A5EBB2F2460ECE1092
Malicious:	false
Preview:	.PNG........IHDR...O.................pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-MO2IU.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 235 x 211, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	28249
Entropy (8bit):	7.985529844753195
Encrypted:	false
SSDEEP:	384:aJXE05uNUCFxUePGYHl4qxT9peH2I9gGM+kwRDzQpdyDDaIJyFlSqhdHY89TGpFR:a35aUC9PT9E2I9hzkw1QuDW4ZVYThcxt
MD5:	44EB3F5893CD67857BEC32F8A05F399E
SHA1:	FB46AFC29BB80EA55CC9E5BE676D59BAF9EBD1A0
SHA-256:	843EEFF4CFE4F69F5EC98EEA3A76104B5224FCFADFE22A07B627872DA8E0E175
SHA-512:	0DA6AABDEF06F05C4456E2260E744EE58C354F86182CC3FC7DBF2568F85BA4A79C7C304D087879BF3B32F1DEF6B6BBA58CF8978C0FCCDE0CC4EADD72CF840403
Malicious:	false
Preview:	.PNG........IHDR.............`#......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-N5VMD.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1366 x 768, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	22421
Entropy (8bit):	7.382781405693069
Encrypted:	false
SSDEEP:	384:cJXE050vbwtRSQniH2Zn+4GjL1rGMNKc0BCEgsFzA0u:I35LCQznsjRrGMN90QEZZA0u
MD5:	CD3956C0B11967DE8DA88DA7C40ABD8F
SHA1:	28B3280D98E0FAEFBEEB824F66245D53F688367D
SHA-256:	4940060CEA6C1D1CF2B4E4F6E66DB8E30CA6452452F918B311E43915D55AA3DF
SHA-512:	D995A7ECFA327A108DDB303864E359364B7A3FFBD10BED96DC6F2113CA850C404F54968E3B416998A26F53097D4C9DBF7B19CA90586A6C43ED533328B9AF118A
Malicious:	false
Preview:	.PNG........IHDR...V.........@\......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-O1UAR.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 201 x 85, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4778
Entropy (8bit):	7.839826633357473
Encrypted:	false
SSDEEP:	96:/Y2CknYxpCbPe2lWy4UT2fMZal+uAl1BqQ/DPWP9lsGXRTsqP:/hb22qUT2fwPuC/7OP/BRn
MD5:	9DC9BBECE8B76B1231348B0FD2FBDB88
SHA1:	C8F71D7F37F6A026E602E2DA0C44E2D9E4453112
SHA-256:	8F3956EEFD59CDD8E065C28052A7C41927EDC314539F07A38516CE0320356450
SHA-512:	42858EE60A99621E4DE1EC6D3C3D276FB466C577ABF05191CE119EC433663740196DB22469197CE07E726212269C1696F2C970BFAEAE7AE86A343472F7B67F27
Malicious:	false
Preview:	.PNG........IHDR.......U......b.=....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:631E073F90AD11E2B467D8F586F29896" xmpMM:DocumentID="xmp.did:631E074090AD11E2B467D8F586F29896"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:631E073D90AD11E2B467D8F586F29896" stRef:documentID="xmp.did:631E073E90AD11E2B467D8F586F29896"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.EW.....IDATx..]....... .......!....a..B..I.NX.`..D.w ..e...q.AD...H.....d.(h4.$.(..D.......O.KUwuM....S.].W......

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-OA5SG.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 270 x 768, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	10675
Entropy (8bit):	7.855792547882974
Encrypted:	false
SSDEEP:	192:QSDS0tKg9E05TV3AhGhrR2ER422yJGMSfGsxKhe:3JXE05/2ER3tSfGEEe
MD5:	6622F06BA0239A047BA5F75DE1E40935
SHA1:	CBBD0EBE6B97427789888EC9826490687B6705B2
SHA-256:	2B16813F80DEF0F4569B88FDE041FA58BCE96C24221436E994EE265801BF225D
SHA-512:	D7693BFBE7A5311D375EC8D6920D411F5FC0FFE63E3FF33F50526F095C986B33AA494060D0661EBC359C408DDEBEABC5484E3EFF79DB944563A1D0FDE7B499F1
Malicious:	false
Preview:	.PNG........IHDR.............ZF......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-OOMNA.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 235 x 211, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	22330
Entropy (8bit):	7.9810347758665445
Encrypted:	false
SSDEEP:	384:aJXE05HwtAKswap8oNDfSFBFm+/e36Uyj5SZv+woGSEzXCJTsS:a35HIANTNDSF7R/M2EzCTF
MD5:	B4FD985F20B0D373EF0D55E7ECFCD165
SHA1:	FD96A536C42FBCBD23CAFEADD9122A25A7A848FB
SHA-256:	9B53EC2BBDF169AF9CC2F4CFEA18A4EC984FFEABAA6A6CD01933E03FAD9C7E07
SHA-512:	8D64858D589D4BC047779146B595B578497AB2DC2AD883BC4DADA06A60D08C79524F060520F532BD7AF760CE9FEFCC9950D1708E7ABCB80C5B2757C73D3DBBDA
Malicious:	false
Preview:	.PNG........IHDR.............`#......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-QSMT0.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 235 x 211, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	29667
Entropy (8bit):	7.9824063070829325
Encrypted:	false
SSDEEP:	768:a35VJEyIjCSfZCM+E0CrmlvyX9bHUQzSUNB:cEfj3t+oCxy9gsn
MD5:	E2750427F8F660E4A6C36328AC604037
SHA1:	67C00EF19383B9D55D403B6955A3D9FE2424A830
SHA-256:	1DA61C3C2417EED94DDA50EDC9809DBF1A81DEF8F8EEB1C577DA6D23B7327ABB
SHA-512:	C4FBC6895D60A661ECA3EEBF9CE93FB62F95D2AEBC281D9C8FA673E71F7541C64DBC1FC7DF661ABB9704473760DC31C42183583B873D774E01847D04BA395B94
Malicious:	false
Preview:	.PNG........IHDR.............`#......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-TV21N.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 309 x 768, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	11142
Entropy (8bit):	7.861240065287498
Encrypted:	false
SSDEEP:	192:WSDS0tKg9E05TevtvtvcApAc/oOv7H14UyaNsbpubpApApz/MKopuTPf+lPBXqvS:5JXE05C11OkSvaNsbhpuTPfSPg11Z11I
MD5:	B71602511773A60551F70AA9BC6049DE
SHA1:	D3EFDB13568ACD0AF71743B9CA24F7B3E3D0ABD3
SHA-256:	A1E56FB8C8357790AD47FD5A88C61148CF5F90E8586917F22EC3745B5069B503
SHA-512:	B7A1433310BCEA55234A64D9F2BBA5612BB0CFF1832490A7BF7CB604747030A3759F92CC121A5BFD1CD1AAAFE324C9183890CC9CDE74F6B070F8628DE3A5FDEE
Malicious:	false
Preview:	.PNG........IHDR...5..........Ugd....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-VKMI7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1 x 390, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2924
Entropy (8bit):	7.875020015401922
Encrypted:	false
SSDEEP:	48:p/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODezW:pSDZ/I09Da01l+gmkyTt6Hk8nTGW
MD5:	32E42A30831D0CCB44FF3C23F84D69FA
SHA1:	D5B884320A01E5C51E190FDD6E6ED1C8DBEEA7CE
SHA-256:	22C91ADA2FCF30B9CB358FF18347B7EFD79A5BA3F2AE3C24FD6B0FE9BD851E69
SHA-512:	BAA928F9B5E51885332B4BAED3C4CB0E6596422736E10600B817ACE0B3C1C3FB39DC16E0EAE70DC95F4EE8134643F8126BD7B43E418C34B79E56C064B9BDCEDA
Malicious:	false
Preview:	.PNG........IHDR.............5.\|.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\is-VRPHL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 871 x 14, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4635
Entropy (8bit):	7.912550011635644
Encrypted:	false
SSDEEP:	96:qSDZ/I09Da01l+gmkyTt6Hk8nTilrjaHqiwp/9p3x:qSDS0tKg9E05Ti9jRVn
MD5:	490AB873EE03CA84F9D3DAB627B687EE
SHA1:	72EE8D63AC23FF7E01CE0512A3A04682B7B70A7A
SHA-256:	52B69E251F97C56B71B337A20086E99BB9C2F6538FDF9E7E531F97D9ED273672
SHA-512:	1E05174427162C75DE38FD27E0E8698A426646B1452A596BE54C6D466EBA9CF0A50BC4F744F027192EBBBE1BDCDCEE52C55AB990F7D3D212869DF6FFE2289CD7
Malicious:	false
Preview:	.PNG........IHDR...g..........Xdj....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\logo.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 201 x 85, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4778
Entropy (8bit):	7.839826633357473
Encrypted:	false
SSDEEP:	96:/Y2CknYxpCbPe2lWy4UT2fMZal+uAl1BqQ/DPWP9lsGXRTsqP:/hb22qUT2fwPuC/7OP/BRn
MD5:	9DC9BBECE8B76B1231348B0FD2FBDB88
SHA1:	C8F71D7F37F6A026E602E2DA0C44E2D9E4453112
SHA-256:	8F3956EEFD59CDD8E065C28052A7C41927EDC314539F07A38516CE0320356450
SHA-512:	42858EE60A99621E4DE1EC6D3C3D276FB466C577ABF05191CE119EC433663740196DB22469197CE07E726212269C1696F2C970BFAEAE7AE86A343472F7B67F27
Malicious:	false
Preview:	.PNG........IHDR.......U......b.=....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:631E073F90AD11E2B467D8F586F29896" xmpMM:DocumentID="xmp.did:631E074090AD11E2B467D8F586F29896"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:631E073D90AD11E2B467D8F586F29896" stRef:documentID="xmp.did:631E073E90AD11E2B467D8F586F29896"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.EW.....IDATx..]....... .......!....a..B..I.NX.`..D.w ..e...q.AD...H.....d.(h4.$.(..D.......O.KUwuM....S.].W......

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\logoPA.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 301 x 55, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	7621
Entropy (8bit):	7.950162226593725
Encrypted:	false
SSDEEP:	192:/SDS0tKg9E05TLoQjvrVJ401yyFFuKacEsBK:qJXE05v3BuyyYFFEAK
MD5:	805B09E6CFFE2948E891319A5329B03B
SHA1:	C402A1E1C5C2C839E9E3AE444D452D6EBCFA863C
SHA-256:	E52721BF4652B39B3D017E26866E86320B76DC358214B157D86B3DC58334750B
SHA-512:	A23AC19A36D67242FF944B463A1B9695C4B6DE8362B3328A88E7E05DE812C3AAAD8E4D698E2CAEE6ADA0EB0BAB1F287248FF4C31CA80BBD2718FD5103179699B
Malicious:	false
Preview:	.PNG........IHDR...-...7.....Y.......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\month.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 79 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4700
Entropy (8bit):	7.921737244447786
Encrypted:	false
SSDEEP:	96:/SDZ/I09Da01l+gmkyTt6Hk8nTz1fGKp/56ylQ4k5QqkchRUtWvfK9:/SDS0tKg9E05TZVpR64XnfOK9
MD5:	417EC14380DFA07363B746B85CAD5BCF
SHA1:	2E3605AEAFF77E9B82BA6E36081DFF575D72C1B3
SHA-256:	29346EF5C0DAEE9E69313CDE4AD321099E806B2A787AF225D84A758C4052C631
SHA-512:	F2677219735E6302C4390811B167A61721562FF76918A885DFE6D97DB9DA6D618FC98D277408876FD9A03F11CB5B3EB79F80C58650ED78A5EBB2F2460ECE1092
Malicious:	false
Preview:	.PNG........IHDR...O.................pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\upload.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 235 x 211, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	28249
Entropy (8bit):	7.985529844753195
Encrypted:	false
SSDEEP:	384:aJXE05uNUCFxUePGYHl4qxT9peH2I9gGM+kwRDzQpdyDDaIJyFlSqhdHY89TGpFR:a35aUC9PT9E2I9hzkw1QuDW4ZVYThcxt
MD5:	44EB3F5893CD67857BEC32F8A05F399E
SHA1:	FB46AFC29BB80EA55CC9E5BE676D59BAF9EBD1A0
SHA-256:	843EEFF4CFE4F69F5EC98EEA3A76104B5224FCFADFE22A07B627872DA8E0E175
SHA-512:	0DA6AABDEF06F05C4456E2260E744EE58C354F86182CC3FC7DBF2568F85BA4A79C7C304D087879BF3B32F1DEF6B6BBA58CF8978C0FCCDE0CC4EADD72CF840403
Malicious:	false
Preview:	.PNG........IHDR.............`#......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\view.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 235 x 211, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	22330
Entropy (8bit):	7.9810347758665445
Encrypted:	false
SSDEEP:	384:aJXE05HwtAKswap8oNDfSFBFm+/e36Uyj5SZv+woGSEzXCJTsS:a35HIANTNDSF7R/M2EzCTF
MD5:	B4FD985F20B0D373EF0D55E7ECFCD165
SHA1:	FD96A536C42FBCBD23CAFEADD9122A25A7A848FB
SHA-256:	9B53EC2BBDF169AF9CC2F4CFEA18A4EC984FFEABAA6A6CD01933E03FAD9C7E07
SHA-512:	8D64858D589D4BC047779146B595B578497AB2DC2AD883BC4DADA06A60D08C79524F060520F532BD7AF760CE9FEFCC9950D1708E7ABCB80C5B2757C73D3DBBDA
Malicious:	false
Preview:	.PNG........IHDR.............`#......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\week.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 79 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4680
Entropy (8bit):	7.929050221960049
Encrypted:	false
SSDEEP:	96:/SDZ/I09Da01l+gmkyTt6Hk8nT7XTm4V+UuyvTh1PUJY:/SDS0tKg9E05T7XTm8puyv1yJY
MD5:	69E0B7D8FAA49E5AD1A57D910A990C14
SHA1:	F6205CF0A72590EB48F1311C1A51623D054FA2AC
SHA-256:	96786E42B70A880F83143FF0D952354DE30B9B51B0F28D36381E49D7ADFE3464
SHA-512:	5936D03CC1CC302497A955F1388EEC3C73BBE12B42CAF124A5D0EA0808B67AD7E84C71D3BF06E0AF12E7AA56976CBC1ED1DCF25E6236FB88E0F962243604D0C5
Malicious:	false
Preview:	.PNG........IHDR...O.................pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\whole-background.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1366 x 768, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	22421
Entropy (8bit):	7.382781405693069
Encrypted:	false
SSDEEP:	384:cJXE050vbwtRSQniH2Zn+4GjL1rGMNKc0BCEgsFzA0u:I35LCQznsjRrGMN90QEZZA0u
MD5:	CD3956C0B11967DE8DA88DA7C40ABD8F
SHA1:	28B3280D98E0FAEFBEEB824F66245D53F688367D
SHA-256:	4940060CEA6C1D1CF2B4E4F6E66DB8E30CA6452452F918B311E43915D55AA3DF
SHA-512:	D995A7ECFA327A108DDB303864E359364B7A3FFBD10BED96DC6F2113CA850C404F54968E3B416998A26F53097D4C9DBF7B19CA90586A6C43ED533328B9AF118A
Malicious:	false
Preview:	.PNG........IHDR...V.........@\......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\img\year.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 79 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4472
Entropy (8bit):	7.920666209153228
Encrypted:	false
SSDEEP:	96:/SDZ/I09Da01l+gmkyTt6Hk8nT1f7miiCi6BgEkvmfwXh/so3t6H:/SDS0tKg9E05T1Siit0wXmoC
MD5:	F4ABDED60BBDC1A7F80B1AE87558087D
SHA1:	8118D40BE94EE3105AD06704F14697D6F4FB71F7
SHA-256:	ACBCEA1C5EC39151D6EFF46446B3658F74A57E920C83F0CCC4345B0E4825F501
SHA-512:	54CAE30E9D72908476FCDB9A2FFA5B878EFB923A6DC72F1A6C740965CE2E652386DF11A20B83281363ED104A4A10D79EAAE4FF662EB76E4153FAEB176620AA66
Malicious:	false
Preview:	.PNG........IHDR...O.................pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\is-1HKCV.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	HTML document, ASCII text, with very long lines (381), with CRLF line terminators
Category:	dropped
Size (bytes):	11977
Entropy (8bit):	5.193366025833501
Encrypted:	false
SSDEEP:	192:kVsDIzjpambe4Ec4h25Uw4aCqtYoqy2qoglZQtpYGTmpo/8pWV9:qtq4Ec4hUr4aLYoqUCX
MD5:	1A82547F921A171DCF86F23191BFD318
SHA1:	1CBE6268FC5FFE12A4A707205D0FCC64866A7236
SHA-256:	E4BD06AA60D4577B6AA586E05EDB9D5B1250599C01C1140C6D88B614B9A0E103
SHA-512:	420651FDEFF17D16307E875CDD632B5CB7ED54E588BFB8D870AB43BC2E4B402913BE748334D431D5CC9F8663F6C680470E71E6BED297623560F09856E2BFDBEE
Malicious:	false
Preview:	<!DOCTYPE html> ..<html>..<meta http-equiv="X-UA-Compatible" content="IE=Edge" />..<meta charset="utf-8">...<title>OpenMovement Converter</title>...<link href="./css/bootstrap-responsive.css" rel="stylesheet">...<link href="./css/bootstrap.css" rel="stylesheet">...<link href="./css/page.css" rel="stylesheet">...<script type="text/javascript" src="./js/jquery.min.js"></script>...<script type="text/javascript" src="./js/bootstrap.js"></script> ...<script type="text/javascript" src="./js/bootstrap.min.js"></script>.....<script language="javascript">..function positionLogo() {...document.getElementById('logo').style.left = document.getElementById('content').offsetLeft + 'px';..}....</script>.... Leave this script as it is otherwise the program won't pick it up and it won't run. -->..<script language="javascript" type="text/javascript">.. //var $ = function (e) { return document.getElementById(e); }......var blockStart = -1;...var blockCount = -1;......function fillValues()...{....va

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\is-2V0T7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	563200
Entropy (8bit):	6.741829920311703
Encrypted:	false
SSDEEP:	12288:+l+vI0vyog/UpQ87Lx97MYpk62gSp01ldMIicFIz/Fa5wbevozdw1:+l+g6kUW8Xx9ogDSp01lXicFIDFa5jvo
MD5:	15B477AA57D8F81CD251D38CA7CB84C6
SHA1:	CA9A478EDE26638F0D881D1643CAC98C3AFE5F49
SHA-256:	822F9397A57EE1A5B4D2A25FE4031F5EB960166AC20F3FF7AA417259EF8F403E
SHA-512:	2B42BC91E3596F16C76D35C6C3DFFBB04735C6AB96ABC6C61E6FFE34BBB0EE5F791FFAA7D4ADB9C6CD15E74E42B67292F4CF940CF9222AE9DD515658DDE6FAF3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7+..Yx..Yx..Yx..x..Yx..x..Yx..x..Yx...x..Yx..Xx..Yx..x..Yx..x..YxRich..Yx................PE..L...#..O.........................................@..................................y....@..................................A..(................................2.................................8<..@............................................text............................... ..`.rdata..............................@..@.data...DC...P... ...<..............@....rsrc................\..............@..@.reloc...:.......:...^..............@..B........................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\is-407TJ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3527
Entropy (8bit):	7.81337128585813
Encrypted:	false
SSDEEP:	96:9Ss5YRxkYjabEg39Q5aS4iJ7fPWdSfCwIc31:9Ss5Yrjaob5/VJr+k9
MD5:	CED13F367E9FDF9CB2045DDBFC606D6B
SHA1:	7C872ABCF649631BA513C43621605610D9125E95
SHA-256:	27BC1E463A8F3FD3C193CC5E91A463C356E39D5E81EE45FEDC54BB070B5FC895
SHA-512:	D2F7A6FBE8AD134F2073AEB76BDBF4D06922193275F72CE8DD6288EE026E7EF66410377FEF45F22355A70FCCFBE198379F1D55C4BA5D041DE96CA088B0BBAD0D
Malicious:	false
Preview:	.PNG........IHDR...@...@......iq.... cHRM..z%..............u0...`..:....o._.F....bKGD.......C......pHYs.................vpAg...@...@....`....IDATx...k%wv.?.G..}..j..v.3....!.3a..`<.U..&.@..@.!x.E...l.....<..6.......n...-..V..nK.U../...RU....d ...z.U.\|..T..&4..MhB...&....I.\|..g.q.....E.R..B...!PJ....:q..{.....Zks.Zk.R...xzz...\.~.W_}.O>..w. .Sc.o.V.Ave.>N@..+{}..Y9..Z..`./..w...>.h.Z.....>@)..`0..(.^.>..XQ.Ya.pZ.....,......m..Mk..B......-.S.....O..jS.....g.b.......5..@.....B(.(..8..1f.Z..Q.-.q<..t.. ...d.y.....K.v..crfj.AJ9. ...>_....U^..&ss/...,.Q....Xk.t:...ju.T..!..p^.QsB..... ...c,R..69.x..f...Zbq.......H..!..!.V....!.y...Honn6...Og......oY..8..u.."E..D..k.V:.....0U.>q._\|H..36..+....8..^..c..s.....L....@DQtz...Y...f....{<....._..S.+ ....%..P.....[..l............\..>..\\|.,.\Fk.c........8...(...$.._1.~....$.}.8..8....=juK.\|...-..9......\Xy..2S.@Yp~f.\`.A.s.....G4.^......WQ,.S,,>......wx.w.s.....0...8N.g. [m.+,.h.a._x..[4[..Gq....R(3

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\is-A0K9N.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	555520
Entropy (8bit):	6.7113933342053205
Encrypted:	false
SSDEEP:	12288:3nTww4skH2tol+VkVJrDHcSN+cfRf9JsFdwe:3n0nH2toYkVJrD9Z9Js
MD5:	33DD5633F19486728639D92992B080F2
SHA1:	BEDD5820CF9FC7285833AF533C3B08BFA1F4912E
SHA-256:	88CE021A699D591CBAFC1D1211399CB0E9543EB2A6843C4D07707EE374F3C7D5
SHA-512:	5DC1602F017AD27E6F36071AE6BE2A900F9C95AABA46A962AD27A62F70B175617840263D15E0CEB413F8513D2704FEE6CA2A7181D5F8BECD3027DCD15197DA03
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........#..p..p..pLrQp..pLrSph.pLrRp..p.q..p.q..p.q..p.3p..p..p..p..q..p._p..p..q..pRich..p................PE..L...S..[.................:...N...............P....@.......................................@..................................3..(....p...........................6..`)..p............................)..@............P...............................text....8.......:.................. ..`.rdata.......P.......>..............@..@.data...p$...@.......,..............@....rsrc........p.......@..............@..@.reloc...6.......8...B..............@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\is-D23T2.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.980312923623659
Encrypted:	false
SSDEEP:	24:qTLjdsRyeK94A/4VqEQVC/YFTszIRuXgigDDNNjjjvTpxFK8:ELZsRyD9T/4Vqp4AFMouXrYNRjjvTnFb
MD5:	75220D8A8A097043744CC0C7DAE8A059
SHA1:	54BFEF1EEA080EF3343A84FE907462152EA16920
SHA-256:	FF7421F04B2E7E6BC63F319C14D72D9579997E7B0D0E2531998BB8720B629C1B
SHA-512:	F543E061AFF30C5156F79E7DD1AA3404EE6D7F80915746B9BDF87A99FF9084D04794487EF5043A89014833A79A048E2EC30F2F2FAC893D49C1675D5D1CDF3F18
Malicious:	false
Preview:	<?xml version='1.0'?>.. This is a sample XML document -->..<Plugin>...<height>500</height>...<width>700</width>...<runFilePath>cwa-convert.exe</runFilePath>...<htmlFilePath>cwa-convert.html</htmlFilePath>...<savedValuesFilePath>saved.xml</savedValuesFilePath>...<iconName>cwa-convert.ico</iconName>...<description>Converts binary .cwa files to application-friendly formats. Current version supports specifying a time-slice via the data preview pane. Optional output streams (battery, light, temperature). Multiple timestamp formats available.</description>...<fileName>Convert_CWA</fileName>...<readableName>Convert CWA</readableName>...<outputFile>.csv .wav .raw</outputFile>...<inputFile>.cwa</inputFile>...<wantMetadata>true</wantMetadata>...<outputExtensions>....<extension>csv</extension>....<extension>wav</extension>....<extension>raw</extension>...</outputExtensions>...<defaultValues>....<fileStart>fileStart</fileStart>....<fileEnd>fileEnd</fileEnd>...</defaultValues>...<createsOutput>

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\is-HDBMB.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	GIF image data, version 89a, 128 x 128
Category:	dropped
Size (bytes):	7303
Entropy (8bit):	7.827464019436164
Encrypted:	false
SSDEEP:	192:b8yxqckNOgKtcKdAOs/GOR9nDyoQCl1xdjGTlD/uzcV/:bbx9bSKoHDyoQClExGi/
MD5:	BDFA0CCB43714B182B9EEE4A0CF0DC9A
SHA1:	14AE738BC83FE1004B9879F3BD72100E74E215C1
SHA-256:	ED334BA309B7DC4EB164B135E6EC95AC270767C528C7AB649B2AC8FD7EC5C8CA
SHA-512:	3925369D595CEC2693421FACDBDD76562AD75A56E74C87B41303944A85BECD22A133D3921B02E420E75D63D18953E278E18FB8E4A3CE0CD3FF6F5C7BE516ABC3
Malicious:	false
Preview:	GIF89a.....................xi~................................+5.MV.JU..(.'=.J].....!.3K.AW...)..+..5.8Q.C].DZ.Pg.CU.Zm.Vh.aq.`h.....3../..<..<..D.&L.$G.-Q.3V.:\.5R.>`.Dd.Hg.Ii.Ii.Ki.Kk.Lh.Mk.Ro.Sq.[v.e..w..p..}..t..v.....@d.Ae.Eh.Gk.Gi.Gh.Gk.Im.Ik.Im.Ik.Ko.Km.Kk.Lm.Nn.Or.Rs.Ut.Vx.]\|.Zw.k..`x....Ek.Lp.Jo.b.....e..m..{......z................................................................D.......M...Y....Y..e.5..L.h......2..=..G.Y..i........u..z..\|..~.....w...5..A..@.G.G..V.Q.._.P..o.f..u..u..{......w..v..{............#.~%..+..2..3..9..>.9.=..B..D..D..E..G..G..G.C..I..I.A..L..L..Q..R..V..T..[..c..g..m..s....`...u.q..k...4..B.{5..F..G..I..I..J..K..K..K..N..S..V..[.zO..{....u.........B..M....c.....................................!.......,...............H......\......z4.H.........c.. C...0...?`.@....Cp.....`..Sf.._........C..P../.0H@J..B..Vty...V..:../..]..k..;....A-.0..h.../.0..KX.[.0b...$H..E.K..E....t..C...CO..C.i.@..H.9....

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\is-IAQV9.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3527
Entropy (8bit):	7.81337128585813
Encrypted:	false
SSDEEP:	96:9Ss5YRxkYjabEg39Q5aS4iJ7fPWdSfCwIc31:9Ss5Yrjaob5/VJr+k9
MD5:	CED13F367E9FDF9CB2045DDBFC606D6B
SHA1:	7C872ABCF649631BA513C43621605610D9125E95
SHA-256:	27BC1E463A8F3FD3C193CC5E91A463C356E39D5E81EE45FEDC54BB070B5FC895
SHA-512:	D2F7A6FBE8AD134F2073AEB76BDBF4D06922193275F72CE8DD6288EE026E7EF66410377FEF45F22355A70FCCFBE198379F1D55C4BA5D041DE96CA088B0BBAD0D
Malicious:	false
Preview:	.PNG........IHDR...@...@......iq.... cHRM..z%..............u0...`..:....o._.F....bKGD.......C......pHYs.................vpAg...@...@....`....IDATx...k%wv.?.G..}..j..v.3....!.3a..`<.U..&.@..@.!x.E...l.....<..6.......n...-..V..nK.U../...RU....d ...z.U.\|..T..&4..MhB...&....I.\|..g.q.....E.R..B...!PJ....:q..{.....Zks.Zk.R...xzz...\.~.W_}.O>..w. .Sc.o.V.Ave.>N@..+{}..Y9..Z..`./..w...>.h.Z.....>@)..`0..(.^.>..XQ.Ya.pZ.....,......m..Mk..B......-.S.....O..jS.....g.b.......5..@.....B(.(..8..1f.Z..Q.-.q<..t.. ...d.y.....K.v..crfj.AJ9. ...>_....U^..&ss/...,.Q....Xk.t:...ju.T..!..p^.QsB..... ...c,R..69.x..f...Zbq.......H..!..!.V....!.y...Honn6...Og......oY..8..u.."E..D..k.V:.....0U.>q._\|H..36..+....8..^..c..s.....L....@DQtz...Y...f....{<....._..S.+ ....%..P.....[..l............\..>..\\|.,.\Fk.c........8...(...$.._1.~....$.}.8..8....=juK.\|...-..9......\Xy..2S.@Yp~f.\`.A.s.....G4.^......WQ,.S,,>......wx.w.s.....0...8N.g. [m.+,.h.a._x..[4[..Gq....R(3

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\is-KAAD5.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	HTML document, ASCII text, with very long lines (381), with CRLF line terminators
Category:	dropped
Size (bytes):	11977
Entropy (8bit):	5.193366025833501
Encrypted:	false
SSDEEP:	192:kVsDIzjpambe4Ec4h25Uw4aCqtYoqy2qoglZQtpYGTmpo/8pWV9:qtq4Ec4hUr4aLYoqUCX
MD5:	1A82547F921A171DCF86F23191BFD318
SHA1:	1CBE6268FC5FFE12A4A707205D0FCC64866A7236
SHA-256:	E4BD06AA60D4577B6AA586E05EDB9D5B1250599C01C1140C6D88B614B9A0E103
SHA-512:	420651FDEFF17D16307E875CDD632B5CB7ED54E588BFB8D870AB43BC2E4B402913BE748334D431D5CC9F8663F6C680470E71E6BED297623560F09856E2BFDBEE
Malicious:	false
Preview:	<!DOCTYPE html> ..<html>..<meta http-equiv="X-UA-Compatible" content="IE=Edge" />..<meta charset="utf-8">...<title>OpenMovement Converter</title>...<link href="./css/bootstrap-responsive.css" rel="stylesheet">...<link href="./css/bootstrap.css" rel="stylesheet">...<link href="./css/page.css" rel="stylesheet">...<script type="text/javascript" src="./js/jquery.min.js"></script>...<script type="text/javascript" src="./js/bootstrap.js"></script> ...<script type="text/javascript" src="./js/bootstrap.min.js"></script>.....<script language="javascript">..function positionLogo() {...document.getElementById('logo').style.left = document.getElementById('content').offsetLeft + 'px';..}....</script>.... Leave this script as it is otherwise the program won't pick it up and it won't run. -->..<script language="javascript" type="text/javascript">.. //var $ = function (e) { return document.getElementById(e); }......var blockStart = -1;...var blockCount = -1;......function fillValues()...{....va

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\is-U6NTD.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1041
Entropy (8bit):	5.0566730094007655
Encrypted:	false
SSDEEP:	24:qTFLURr94A/4VqEQVC/YFTszIRuXgigDDNNbT1JxFK8:EiRr9T/4Vqp4AFMouXrYNpT1HFb
MD5:	C128D6CD61111599FCBE7BB46EDB1904
SHA1:	CDF9CEC9BA07708A12D0A02D50E0122385FA253F
SHA-256:	944D208A5720B207B61144149546F9F50FB48B7281DF8BCE33EB114E20BB95C6
SHA-512:	74E5A34E3A019D395D5E71BBB9629F6C4C9EE4233C79406898FBCFE673A2B3F753A9C75AA95A54821012EB3794AF1E880A8ACBBA31DB4899270C6DF0FD1D5E53
Malicious:	false
Preview:	<?xml version='1.0'?>.. This is a sample XML document -->..<Plugin>...<height>500</height>...<width>700</width>...<runFilePath>OMPA Convertor.exe</runFilePath>...<htmlFilePath>OMPA convertor.html</htmlFilePath>...<savedValuesFilePath>saved.xml</savedValuesFilePath>...<iconName>64x64 converter.ico</iconName>...<description>Converts binary .cwa files to application-friendly formats. Current version supports specifying a time-slice via the data preview pane. Optional output streams (battery, light, temperature). Multiple timestamp formats available.</description>...<fileName>Convert_CWA</fileName>...<readableName>Convert CWA</readableName>...<outputFile>.csv .wav .raw</outputFile>...<inputFile>.cwa</inputFile>...<wantMetadata>true</wantMetadata>...<outputExtensions>....<extension>csv</extension>...</outputExtensions>...<defaultValues>....<bodyMass>80</bodyMass>....<percentage>0.22</percentage>....<fileStart>fileStart</fileStart>....<fileEnd>fileEnd</fileEnd>...</defaultValues>...<crea

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\is-VE15I.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	GIF image data, version 89a, 128 x 128
Category:	dropped
Size (bytes):	7303
Entropy (8bit):	7.827464019436164
Encrypted:	false
SSDEEP:	192:b8yxqckNOgKtcKdAOs/GOR9nDyoQCl1xdjGTlD/uzcV/:bbx9bSKoHDyoQClExGi/
MD5:	BDFA0CCB43714B182B9EEE4A0CF0DC9A
SHA1:	14AE738BC83FE1004B9879F3BD72100E74E215C1
SHA-256:	ED334BA309B7DC4EB164B135E6EC95AC270767C528C7AB649B2AC8FD7EC5C8CA
SHA-512:	3925369D595CEC2693421FACDBDD76562AD75A56E74C87B41303944A85BECD22A133D3921B02E420E75D63D18953E278E18FB8E4A3CE0CD3FF6F5C7BE516ABC3
Malicious:	false
Preview:	GIF89a.....................xi~................................+5.MV.JU..(.'=.J].....!.3K.AW...)..+..5.8Q.C].DZ.Pg.CU.Zm.Vh.aq.`h.....3../..<..<..D.&L.$G.-Q.3V.:\.5R.>`.Dd.Hg.Ii.Ii.Ki.Kk.Lh.Mk.Ro.Sq.[v.e..w..p..}..t..v.....@d.Ae.Eh.Gk.Gi.Gh.Gk.Im.Ik.Im.Ik.Ko.Km.Kk.Lm.Nn.Or.Rs.Ut.Vx.]\|.Zw.k..`x....Ek.Lp.Jo.b.....e..m..{......z................................................................D.......M...Y....Y..e.5..L.h......2..=..G.Y..i........u..z..\|..~.....w...5..A..@.G.G..V.Q.._.P..o.f..u..u..{......w..v..{............#.~%..+..2..3..9..>.9.=..B..D..D..E..G..G..G.C..I..I.A..L..L..Q..R..V..T..[..c..g..m..s....`...u.q..k...4..B.{5..F..G..I..I..J..K..K..K..N..S..V..[.zO..{....u.........B..M....c.....................................!.......,...............H......\......z4.H.........c.. C...0...?`.@....Cp.....`..Sf.._........C..P../.0H@J..B..Vty...V..:../..]..k..;....A-.0..h.../.0..KX.[.0b...$H..E.K..E....t..C...CO..C.i.@..H.9....

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\js\bootstrap.js (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	64027
Entropy (8bit):	4.836305483874431
Encrypted:	false
SSDEEP:	1536:Y0/ZYwdtLLrK7tXuLJAlC0NEojHweGy8VEfrUiOl3ST0uMU:xZ79L2kJmzNvjHwlR+UT3STD7
MD5:	4D269F4999A9D6766EBA116A79B22F6C
SHA1:	982A75004C32B52BFADB0D296867780DBA232543
SHA-256:	CA0B58099DB982806828D46FAAAE6B53FF51BD5207912379BE0B20FF96ED6ADA
SHA-512:	198D5C7E6D0E274002B25B9F905E52AFFB09E1EDC76480D03D78FD35824C0A62B0F36EC2144A62ECEA8A4B1A6ACC4A455B83AAB8B3512B670A37944276619507
Malicious:	false
Preview:	/* ===================================================.. * bootstrap-transition.js v2.3.1.. * http://twitter.github.com/bootstrap/javascript.html#transitions.. * ===================================================.. * Copyright 2012 Twitter, Inc... .. Licensed under the Apache License, Version 2.0 (the "License");.. * you may not use this file except in compliance with the License... * You may obtain a copy of the License at.. .. http://www.apache.org/licenses/LICENSE-2.0.. .. Unless required by applicable law or agreed to in writing, software.. * distributed under the License is distributed on an "AS IS" BASIS,.. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied... * See the License for the specific language governing permissions and.. * limitations under the License... * ========================================================== /......!function ($) {.... "use strict"; // jshint ;_;...... / CSS TRANSITION SUPPORT (http://www.modernizr.com/).. *

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\js\bootstrap.min.js (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with very long lines (28421), with CRLF line terminators
Category:	dropped
Size (bytes):	28543
Entropy (8bit):	5.002712804901758
Encrypted:	false
SSDEEP:	768:I7S57QFwmPK40INVIPcr8gCBQcqYn0SUs8q:t0OANsz0WT
MD5:	4D2217E6EF811750EF429614897722F7
SHA1:	81354DCFC6D99A1A43678DD9719D0D279271A02E
SHA-256:	96708C6D8E2D1D3E2CD83C34B4E30311C6C6BB405CAEF24C66D9C7A336B4BED2
SHA-512:	648E210FE2C1414EAFB340E2C5522294A47D17734F7840D73C4283140BCE1EC1D42B32C7BEBEDEB7AE791F2B15EB1B601E724126D521B223576DDFBBA2E44DBE
Malicious:	false
Preview:	/!.. Bootstrap.js by @fat & @mdo..* Copyright 2012 Twitter, Inc...* http://www.apache.org/licenses/LICENSE-2.0.txt../..!function(e){"use strict";e(function(){e.support.transition=function(){var e=function(){var e=document.createElement("bootstrap"),t={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"},n;for(n in t)if(e.style[n]!==undefined)return t[n]}();return e&&{end:e}}()})}(window.jQuery),!function(e){"use strict";var t='[data-dismiss="alert"]',n=function(n){e(n).on("click",t,this.close)};n.prototype.close=function(t){function s(){i.trigger("closed").remove()}var n=e(this),r=n.attr("data-target"),i;r\|\|(r=n.attr("href"),r=r&&r.replace(/.(?=#[^\s]*$)/,"")),i=e(r),t&&t.preventDefault(),i.length\|\|(i=n.hasClass("alert")?n:n.parent()),i.trigger(t=e.Event("close"));if(t.isDefaultPrevented())return;i.removeClass("in"),e.support.transition&&i.hasClass("fade")?i.on(e.support.transition.end,s):s()};v

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\js\is-BUMKQ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with very long lines (28421), with CRLF line terminators
Category:	dropped
Size (bytes):	28543
Entropy (8bit):	5.002712804901758
Encrypted:	false
SSDEEP:	768:I7S57QFwmPK40INVIPcr8gCBQcqYn0SUs8q:t0OANsz0WT
MD5:	4D2217E6EF811750EF429614897722F7
SHA1:	81354DCFC6D99A1A43678DD9719D0D279271A02E
SHA-256:	96708C6D8E2D1D3E2CD83C34B4E30311C6C6BB405CAEF24C66D9C7A336B4BED2
SHA-512:	648E210FE2C1414EAFB340E2C5522294A47D17734F7840D73C4283140BCE1EC1D42B32C7BEBEDEB7AE791F2B15EB1B601E724126D521B223576DDFBBA2E44DBE
Malicious:	false
Preview:	/!.. Bootstrap.js by @fat & @mdo..* Copyright 2012 Twitter, Inc...* http://www.apache.org/licenses/LICENSE-2.0.txt../..!function(e){"use strict";e(function(){e.support.transition=function(){var e=function(){var e=document.createElement("bootstrap"),t={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"},n;for(n in t)if(e.style[n]!==undefined)return t[n]}();return e&&{end:e}}()})}(window.jQuery),!function(e){"use strict";var t='[data-dismiss="alert"]',n=function(n){e(n).on("click",t,this.close)};n.prototype.close=function(t){function s(){i.trigger("closed").remove()}var n=e(this),r=n.attr("data-target"),i;r\|\|(r=n.attr("href"),r=r&&r.replace(/.(?=#[^\s]*$)/,"")),i=e(r),t&&t.preventDefault(),i.length\|\|(i=n.hasClass("alert")?n:n.parent()),i.trigger(t=e.Event("close"));if(t.isDefaultPrevented())return;i.removeClass("in"),e.support.transition&&i.hasClass("fade")?i.on(e.support.transition.end,s):s()};v

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\js\is-H3M79.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with very long lines (32089), with CRLF line terminators
Category:	dropped
Size (bytes):	92635
Entropy (8bit):	5.304097832737613
Encrypted:	false
SSDEEP:	1536:pnu00HWWaRxkqJg09pYxoxDKLXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qz7rbaN1RUg:pdkWgoBecZRQzmW42qf
MD5:	874082B265651D732B1E8A97CE2517A6
SHA1:	EEE9A5B74FA1B59692E17A0420D989D3F82CBE2C
SHA-256:	7933FF01DB5BE57CA6677DAAAD6BF5009D38D294AB5AA5D998DE3BA47E89CA0E
SHA-512:	086C1AE8648EE00511C5F4FBC21122A0BCA45B62F4C0D8CC9AEEA147EBB0807A9C3B9EAE3145DFBC2666A8F80D2A80A7A4A04290ABEC496B5524D32A657C1FDE
Malicious:	false
Preview:	/! jQuery v1.9.1 \| (c) 2005, 2012 jQuery Foundation, Inc. \| jquery.org/license..//@ sourceMappingURL=jquery.min.map../(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d\.\|)\d+(?:[eE][+-]?\d+\|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]\|#([\w-]))$/,C=/^<(\w+)\s\/?>(?:<\/\1>\|)$/,k=/^[\],:{}\s]$/,E=/(?:^\|:\|,)(?:\s\[)+/g,S=/\\(?:["\\\/bfnrt]\|u[\da-fA-F]{4})/g,A=/"[^"\\\r\n]*"\|true\|false\|null\|-?(?:\d+\.\|)\d+(?:[eE][+-]?\d+\|)/g,j=/^-ms-/,D=/-([\da-z])/gi,L=function(e,t){return t.toUpperCase()},H=function(e){(o.addEventListener\|\|"load"===e.type\|\|"complete"===o.readyState)&&(q(),b.ready())},q=function(){o.addEventListener?(o.removeEventListener("DOMContentLoaded",H,!1),e.removeEventListener("load",H,!1)):(o.detachEvent("onreadystatechange",H),e.detachEvent("onload",

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\js\is-HGDEP.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	64027
Entropy (8bit):	4.836305483874431
Encrypted:	false
SSDEEP:	1536:Y0/ZYwdtLLrK7tXuLJAlC0NEojHweGy8VEfrUiOl3ST0uMU:xZ79L2kJmzNvjHwlR+UT3STD7
MD5:	4D269F4999A9D6766EBA116A79B22F6C
SHA1:	982A75004C32B52BFADB0D296867780DBA232543
SHA-256:	CA0B58099DB982806828D46FAAAE6B53FF51BD5207912379BE0B20FF96ED6ADA
SHA-512:	198D5C7E6D0E274002B25B9F905E52AFFB09E1EDC76480D03D78FD35824C0A62B0F36EC2144A62ECEA8A4B1A6ACC4A455B83AAB8B3512B670A37944276619507
Malicious:	false
Preview:	/* ===================================================.. * bootstrap-transition.js v2.3.1.. * http://twitter.github.com/bootstrap/javascript.html#transitions.. * ===================================================.. * Copyright 2012 Twitter, Inc... .. Licensed under the Apache License, Version 2.0 (the "License");.. * you may not use this file except in compliance with the License... * You may obtain a copy of the License at.. .. http://www.apache.org/licenses/LICENSE-2.0.. .. Unless required by applicable law or agreed to in writing, software.. * distributed under the License is distributed on an "AS IS" BASIS,.. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied... * See the License for the specific language governing permissions and.. * limitations under the License... * ========================================================== /......!function ($) {.... "use strict"; // jshint ;_;...... / CSS TRANSITION SUPPORT (http://www.modernizr.com/).. *

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\js\jquery.min.js (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with very long lines (32089), with CRLF line terminators
Category:	dropped
Size (bytes):	92635
Entropy (8bit):	5.304097832737613
Encrypted:	false
SSDEEP:	1536:pnu00HWWaRxkqJg09pYxoxDKLXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qz7rbaN1RUg:pdkWgoBecZRQzmW42qf
MD5:	874082B265651D732B1E8A97CE2517A6
SHA1:	EEE9A5B74FA1B59692E17A0420D989D3F82CBE2C
SHA-256:	7933FF01DB5BE57CA6677DAAAD6BF5009D38D294AB5AA5D998DE3BA47E89CA0E
SHA-512:	086C1AE8648EE00511C5F4FBC21122A0BCA45B62F4C0D8CC9AEEA147EBB0807A9C3B9EAE3145DFBC2666A8F80D2A80A7A4A04290ABEC496B5524D32A657C1FDE
Malicious:	false
Preview:	/! jQuery v1.9.1 \| (c) 2005, 2012 jQuery Foundation, Inc. \| jquery.org/license..//@ sourceMappingURL=jquery.min.map../(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d\.\|)\d+(?:[eE][+-]?\d+\|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]\|#([\w-]))$/,C=/^<(\w+)\s\/?>(?:<\/\1>\|)$/,k=/^[\],:{}\s]$/,E=/(?:^\|:\|,)(?:\s\[)+/g,S=/\\(?:["\\\/bfnrt]\|u[\da-fA-F]{4})/g,A=/"[^"\\\r\n]*"\|true\|false\|null\|-?(?:\d+\.\|)\d+(?:[eE][+-]?\d+\|)/g,j=/^-ms-/,D=/-([\da-z])/gi,L=function(e,t){return t.toUpperCase()},H=function(e){(o.addEventListener\|\|"load"===e.type\|\|"complete"===o.readyState)&&(q(),b.ready())},q=function(){o.addEventListener?(o.removeEventListener("DOMContentLoaded",H,!1),e.removeEventListener("load",H,!1)):(o.detachEvent("onreadystatechange",H),e.detachEvent("onload",

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\64x64 converter.ico (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	MS Windows icon resource - 1 icon, 64x64, 24 bits/pixel
Category:	dropped
Size (bytes):	12862
Entropy (8bit):	0.2567213546428736
Encrypted:	false
SSDEEP:	3:vZll/ltl/c/lpRD:ojD
MD5:	1356714D30EB63F260CEFB0936C6E55E
SHA1:	79C25404E942D1646AAF2705DCE34D12AF9E5790
SHA-256:	E99E3672F8699E1E5251EF154B4272AAD404B5190570934E21191C128CD6F586
SHA-512:	326472320D36763A0C0E069F3CA1A63FF993E5795684233771D12A2834749FBDAE0AED77C0C30DE4B73A40FC1D6ABF54C59D6190940EAD2CDCBE8158F0C8CBCF
Malicious:	false
Preview:	......@@......(2......(...@................0............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\AX_OMConvert.gif (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	GIF image data, version 89a, 128 x 128
Category:	dropped
Size (bytes):	1010
Entropy (8bit):	2.29292695215194
Encrypted:	false
SSDEEP:	6:GH2laYz39WzJzdoaFUix1qyP5WKISI+pEwY+/dUpyP8ace:GHCx3mJp3F5x1qc7eva/6pyP8av
MD5:	EF53B728B8C0C9E76885A88C29577F1F
SHA1:	486CEB0CC0653C13B2D4582EC326342DF7E58EB5
SHA-256:	BFF343B1A887C6C81A6945C87AC56A5D51106ED6041A5AF5F79F8E02246A460C
SHA-512:	59B7CB51D03BE5FA06BBDBFC15A9B3AB12B50ADA520A45CACD8C7B4A480E1D6F25980D744568CDD85B899D65C4D0D8172E9D6C745E605A1FD49719C2157343BA
Malicious:	false
Preview:	GIF89a.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,...............H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.]...P.J.J...X.j....`..K...h.]...p..K...x..........L.....+^....#K.L....3!k.....C..M....S.^....

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\AX_OMConvert.html (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6712
Entropy (8bit):	5.165428689402844
Encrypted:	false
SSDEEP:	192:BVsDIzEaAbe4Ec4hTzI/biCuRiCbazmQH74axuqbMp:kDq4Ec4hTzI/biCiiCGzmQH74axuj
MD5:	4479F570ECD29B6C975D5A403379F747
SHA1:	9A69865844209FB972A56C15E15851873B35A838
SHA-256:	09EB74ACFCE780F4B726CCE8827544DA75C43ABC54D12CC32F95E14B904A63CB
SHA-512:	DF5D09E68B77E4E4C6FC3604A40F8B9BFE65CD7921FFAD31C8321846DBFBD237D161D4D0EC17AE461258083D4D746A38F580B620AD9D27301D2BBCA2F3DA7927
Malicious:	false
Preview:	<!DOCTYPE html> ..<html>..<meta http-equiv="X-UA-Compatible" content="IE=Edge" />..<meta charset="utf-8">...<title>AX OmConvert Converter</title>...<link href="./css/bootstrap-responsive.css" rel="stylesheet">...<link href="./css/bootstrap.css" rel="stylesheet">...<link href="./css/page.css" rel="stylesheet">...<script type="text/javascript" src="./js/jquery.min.js"></script>...<script type="text/javascript" src="./js/bootstrap.min.js"></script>.....<script language="javascript">..function positionLogo() {...document.getElementById('logo').style.left = document.getElementById('content').offsetLeft + 'px';..}....</script>.... Leave this script as it is otherwise the program won't pick it up and it won't run. -->..<script language="javascript" type="text/javascript">.. //var $ = function (e) { return document.getElementById(e); }......var blockStart = -1;...var blockCount = -1;......var rawInput1;...var rawInput2;......function fillValues()...{....var url = document.URL;........va

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\AX_OMConvert.plugin (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	629
Entropy (8bit):	5.100605671646762
Encrypted:	false
SSDEEP:	12:TM3TSmrk4+mG/17LkzYP5r9AfLxvBGGtD/NKWHvD/ifFuIEZe1Q9+Q92S:qTARr9AvNPTKBEQ1FxS
MD5:	BCD9CF8B8A41D6DB97A9CE6584602C09
SHA1:	8A0BBF3A5D1DECA2C64C7669B5CAF05161D437D2
SHA-256:	4382C6B263C873B5A3564951D54542DEDC5B17D9BBBA5B234BFBF90EB8CF25F2
SHA-512:	2E68F626FFDADB6BB0CB5975057210A70823ECA16CB22EE6DD184FF782EC56D4EEBB5F96F6048215D3485425A36866A09124D61507EF8C6D49E18843944AFD50
Malicious:	false
Preview:	<?xml version='1.0'?>.. This is a sample XML document -->..<Plugin>...<height>500</height>...<width>700</width>...<runFilePath>run-omconvert.cmd</runFilePath>...<htmlFilePath>AX_OMConvert.html</htmlFilePath>...<savedValuesFilePath>saved.xml</savedValuesFilePath>...<iconName>64x64 converter.ico</iconName>...<description>OMConvert</description>...<fileName>OMConvert</fileName>...<readableName>OMConvert</readableName>...<outputExtensions>....<extension></extension>...</outputExtensions>...<numberOfInputFiles>1</numberOfInputFiles>...<wantMetadata>false</wantMetadata>...<requiresCWANames>true</requiresCWANames>..</Plugin>

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\css\bootstrap-responsive.css (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	23220
Entropy (8bit):	5.0206455590077885
Encrypted:	false
SSDEEP:	384:yM1758/eDV9grZKb5u5Ru11zNFnyQCglOfWwRnE+A6V22zHtTjg:/8GDV9grZKbgUzWQCglOfWwRnE+/DzNA
MD5:	E46CE2784F902577C2E2858BAF1536F0
SHA1:	B87C9AF4988D92BCFBA4CE80F1BBF267774E115F
SHA-256:	489239002725E88D06FFFC788210A60C249D401F00C2BE2254F130F6251D2002
SHA-512:	B822F632A842A070A2A7FB1CFC7A184CAE6219676273CE63B57096FB0C0F39DA7735EE240BB5652F1AE14238D3494AC930395D936EF5BCB6F7552053D375CDE0
Malicious:	false
Preview:	/!.. Bootstrap Responsive v2.3.1.. .. Copyright 2012 Twitter, Inc.. * Licensed under the Apache License v2.0.. * http://www.apache.org/licenses/LICENSE-2.0.. .. Designed and built with all the love in the world @twitter by @mdo and @fat... /.....clearfix {.. zoom: 1;..}.....clearfix:before,...clearfix:after {.. display: table;.. line-height: 0;.. content: "";..}.....clearfix:after {.. clear: both;..}.....hide-text {.. font: 0/0 a;.. color: transparent;.. text-shadow: none;.. background-color: transparent;.. border: 0;..}.....input-block-level {.. display: block;.. width: 100%;.. min-height: 30px;.. -webkit-box-sizing: border-box;.. -moz-box-sizing: border-box;.. box-sizing: border-box;..}....@-ms-viewport {.. width: device-width;..}.....hidden {.. display: none;.. visibility: hidden;..}.....visible-phone {.. display: none !important;..}.....visible-tablet {.. display: none !important;..}.....hidden-desktop {.. display: none !important;..}....

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\css\bootstrap-responsive.min.css (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with very long lines (16608), with CRLF line terminators
Category:	dropped
Size (bytes):	16858
Entropy (8bit):	5.2955772749108
Encrypted:	false
SSDEEP:	384:dd7eicOM8quuhu93fUacuMZoUCfl4UX94Vp1XP:dPcVDmfUac1ZQt4UX96L
MD5:	B0C3EF20C73BC861FF157EAB023DD09C
SHA1:	FEE31889CF7E7B1531BF61D8109BE2A6007853D6
SHA-256:	754073D316DAB747E1634E26EE4FB71EBF38314C24701946812C0E7506242560
SHA-512:	CB61A0F24025F2C702E0A5EEC5BA6E94AE108A543C21C61445188C4741DB66A27D7195234D8ED992BCE7793C667F7E4041E2E102C87C55C2070BD608CF8ED2A7
Malicious:	false
Preview:	/!.. Bootstrap Responsive v2.3.1.. .. Copyright 2012 Twitter, Inc.. * Licensed under the Apache License v2.0.. * http://www.apache.org/licenses/LICENSE-2.0.. .. Designed and built with all the love in the world @twitter by @mdo and @fat... /.clearfix{zoom:1}.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}.hide-text{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.input-block-level{display:block;width:100%;min-height:30px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}@-ms-viewport{width:device-width}.hidden{display:none;visibility:hidden}.visible-phone{display:none!important}.visible-tablet{display:none!important}.hidden-desktop{display:none!important}.visible-desktop{display:inherit!important}@media(min-width:768px) and (max-width:979px){.hidden-desktop{display:inherit!important}.visible-desktop{display:none!important}.visible-tablet{display:inherit!importa

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\css\bootstrap.css (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	133405
Entropy (8bit):	5.11593362125808
Encrypted:	false
SSDEEP:	768:3ofP4Kjze9ROUT1aEXxUKPrsPHOR1sqY+R9Ef:3ofAh9kKHXYORmJf
MD5:	580599C144EF378851955472462F8602
SHA1:	477A15BEDFC71B900F7B623725FC2693E6304AAB
SHA-256:	4DA0DD04B0D7747EB30270FE7758BAC2CBF8371ECA251257553E9B489FD229FD
SHA-512:	4C4D00E70A7C0C6999B237D5466F7EC099B4445BF1A4A9561374D192422C4F41E7C60374BFA0C6DC8D6AF0C8866AE131DD29B82480B60DA93F22108760B1339A
Malicious:	false
Preview:	/!.. Bootstrap v2.3.1.. .. Copyright 2012 Twitter, Inc.. * Licensed under the Apache License v2.0.. * http://www.apache.org/licenses/LICENSE-2.0.. .. Designed and built with all the love in the world @twitter by @mdo and @fat... /.....clearfix {.. zoom: 1;..}.....clearfix:before,...clearfix:after {.. display: table;.. line-height: 0;.. content: "";..}.....clearfix:after {.. clear: both;..}.....hide-text {.. font: 0/0 a;.. color: transparent;.. text-shadow: none;.. background-color: transparent;.. border: 0;..}.....input-block-level {.. display: block;.. width: 100%;.. min-height: 30px;.. -webkit-box-sizing: border-box;.. -moz-box-sizing: border-box;.. box-sizing: border-box;..}....article,..aside,..details,..figcaption,..figure,..footer,..header,..hgroup,..nav,..section {.. display: block;..}....audio,..canvas,..video {.. display: inline-block;.. display: inline;.. zoom: 1;..}....audio:not([controls]) {.. display: none;..}....html {.. font-

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\css\bootstrap.min.css (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with very long lines (65299), with CRLF line terminators
Category:	dropped
Size (bytes):	105948
Entropy (8bit):	5.180897685194033
Encrypted:	false
SSDEEP:	768:X71A8XpW5b26LVcUFPaDGObYDUXyyRsPJGaPV4LolQdUONA4QFOfUcnvGcJwjuGR:28AHR7aD4DJhzPB2UONAxtjuGR
MD5:	016623C5E5773122D7C2AC3B524DD17C
SHA1:	1ABEFD404CDD720B275CDAFB97D3EE1C87FD97EF
SHA-256:	3349EBED31517ADA35DA5294A520C4A25CB778F58785726E4B0177120FE25501
SHA-512:	C36645B0648A21D7B6F4ABD9C315B5B82EBD3D21B48E8B2184D8333C800F0D9F9256FFC0D862AE9FDC6E15A24B3247251FCA9830869A54865255F2BC6DCCAA61
Malicious:	false
Preview:	/!.. Bootstrap v2.3.1.. .. Copyright 2012 Twitter, Inc.. * Licensed under the Apache License v2.0.. * http://www.apache.org/licenses/LICENSE-2.0.. .. Designed and built with all the love in the world @twitter by @mdo and @fat... /.clearfix{zoom:1}.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}.hide-text{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.input-block-level{display:block;width:100%;min-height:30px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio,canvas,video{display:inline-block;display:inline;zoom:1}audio:not([controls]){display:none}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}a:hover,a:active{outline:0}sub,sup{position:relative

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\css\is-8CK7Q.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4608
Entropy (8bit):	5.17412998780235
Encrypted:	false
SSDEEP:	96:VlX/iDPh0QKHB4n0qYCKPumYlAnE8FZz6aAkGTh6HO99HOii3ia3NpiQD/w:raOBm0T72mYlAnrFApP6Hg9H3iSa9piD
MD5:	8694D89D8D9E003E08597E65E94A4D87
SHA1:	4699F6F73633A89CC279F3FEC2A7E112B73FC6E8
SHA-256:	9E15360AE6FA9224A20328F881A94CB45351CF10A1E04D038711E1CD8D9E617C
SHA-512:	5051CAFC944F6AF977CD0A89F7FBF298DD246CD6DE3C6C38B92FD60781178294ADB1196EA4686CBAADA81A0663B780B37D2BBD7613B8FE517BCB4ECCFCAFEA97
Malicious:	false
Preview:	..<style>..@font-face { .. .font-family: Bebas; .. .src: url("./svg/font_bebas.svg#BebasNeueRegular") format("svg");...}...h2 { font-family: "Bebas";}....body {...width: 100%;...background-color: white;...margin: 0;...padding: 0;..}....div#header {...height: 106px;...background-color: white;...width: 100%;...margin: 0;...padding: 0;...background-image: url('../images/headerbackground.png');...background-repeat: repeat-x; ..}....div#header img {...position:relative;...top: 34px;...left:10px;...transition: left 1s;...-moz-transition: left 1s; /* Firefox 4 /...-webkit-transition: left 1s; / Safari and Chrome /...-o-transition: left 1s; / Opera */..}....div#header h1 {...margin: 0;..}....div#contentHolder {...position: relative;...width:100%;...height: 390px;...padding-top: 20px;...background-color: rgb(227,227,227);...border-image: url('../images/innerglow.png') 211 / 220px stretch stretch;..}....div#content {...position: relative;...max-height: 428px;...width: 950px;...margin: 0px

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\css\is-8HCCQ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with very long lines (65299), with CRLF line terminators
Category:	dropped
Size (bytes):	105948
Entropy (8bit):	5.180897685194033
Encrypted:	false
SSDEEP:	768:X71A8XpW5b26LVcUFPaDGObYDUXyyRsPJGaPV4LolQdUONA4QFOfUcnvGcJwjuGR:28AHR7aD4DJhzPB2UONAxtjuGR
MD5:	016623C5E5773122D7C2AC3B524DD17C
SHA1:	1ABEFD404CDD720B275CDAFB97D3EE1C87FD97EF
SHA-256:	3349EBED31517ADA35DA5294A520C4A25CB778F58785726E4B0177120FE25501
SHA-512:	C36645B0648A21D7B6F4ABD9C315B5B82EBD3D21B48E8B2184D8333C800F0D9F9256FFC0D862AE9FDC6E15A24B3247251FCA9830869A54865255F2BC6DCCAA61
Malicious:	false
Preview:	/!.. Bootstrap v2.3.1.. .. Copyright 2012 Twitter, Inc.. * Licensed under the Apache License v2.0.. * http://www.apache.org/licenses/LICENSE-2.0.. .. Designed and built with all the love in the world @twitter by @mdo and @fat... /.clearfix{zoom:1}.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}.hide-text{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.input-block-level{display:block;width:100%;min-height:30px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio,canvas,video{display:inline-block;display:inline;zoom:1}audio:not([controls]){display:none}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}a:hover,a:active{outline:0}sub,sup{position:relative

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\css\is-DPFM8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with very long lines (16608), with CRLF line terminators
Category:	dropped
Size (bytes):	16858
Entropy (8bit):	5.2955772749108
Encrypted:	false
SSDEEP:	384:dd7eicOM8quuhu93fUacuMZoUCfl4UX94Vp1XP:dPcVDmfUac1ZQt4UX96L
MD5:	B0C3EF20C73BC861FF157EAB023DD09C
SHA1:	FEE31889CF7E7B1531BF61D8109BE2A6007853D6
SHA-256:	754073D316DAB747E1634E26EE4FB71EBF38314C24701946812C0E7506242560
SHA-512:	CB61A0F24025F2C702E0A5EEC5BA6E94AE108A543C21C61445188C4741DB66A27D7195234D8ED992BCE7793C667F7E4041E2E102C87C55C2070BD608CF8ED2A7
Malicious:	false
Preview:	/!.. Bootstrap Responsive v2.3.1.. .. Copyright 2012 Twitter, Inc.. * Licensed under the Apache License v2.0.. * http://www.apache.org/licenses/LICENSE-2.0.. .. Designed and built with all the love in the world @twitter by @mdo and @fat... /.clearfix{zoom:1}.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}.hide-text{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.input-block-level{display:block;width:100%;min-height:30px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}@-ms-viewport{width:device-width}.hidden{display:none;visibility:hidden}.visible-phone{display:none!important}.visible-tablet{display:none!important}.hidden-desktop{display:none!important}.visible-desktop{display:inherit!important}@media(min-width:768px) and (max-width:979px){.hidden-desktop{display:inherit!important}.visible-desktop{display:none!important}.visible-tablet{display:inherit!importa

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\css\is-GCMVU.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	assembler source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1840
Entropy (8bit):	5.102392171860436
Encrypted:	false
SSDEEP:	48:W/9d3J5Ozvk4eKhQGbADUnJ5UjsUMopRcZbBh:W/HD0HeK6GbAonTUwLosZ
MD5:	AB3E585DB835356D281F3D0F99543096
SHA1:	3C8A9D6A0848292AACBB37AD1D2E978CD95B8718
SHA-256:	9846020C95FE0913EAC566A7056C7AF5390D342D76EA7B4451989A39D9ACC9C4
SHA-512:	6E853AF69AD050F54DBEF55BBB94EDBB248FC580820EF86B1AF145FD103EF1531A3CEBA8A236E348F7E7F119E009AB091C0094A5818A761889A8318B60312F19
Malicious:	false
Preview:	....body {...width: 100%;...height: 100%;.../background-color: white;/...background-color: #888888;...margin: 0;...padding: 0;......}....div#header {...height: 106px;...background-color: white;...width: 100%;...margin: 0;...padding: 0;...background-image: url(../img/headerbackground.png);...background-repeat: repeat-x; ..}....div#header img {...position:relative;...top: 15px;...left:10px;...transition: left 1s;...-moz-transition: left 1s; /* Firefox 4 /...-webkit-transition: left 1s; / Safari and Chrome /...-o-transition: left 1s; / Opera /..}....div#header h1 {...margin: 0;..}..../..div#contentHolder {...position: relative;...width:100%;...height: 1000px;...padding-top: 7px;...background-color: #E3E3E3;...border-image: url(../img/innerglow.png) 210 / 210px stretch stretch;..}../....div#content {...position: relative;.../min-height: 750px;...max-height: 1200px;*/...width: 90%;...margin: 0px auto 0px auto;...-moz-border-radius: 8px;.. -webkit-border-radius: 8px;...border-ra

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\css\is-OE01K.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	133405
Entropy (8bit):	5.11593362125808
Encrypted:	false
SSDEEP:	768:3ofP4Kjze9ROUT1aEXxUKPrsPHOR1sqY+R9Ef:3ofAh9kKHXYORmJf
MD5:	580599C144EF378851955472462F8602
SHA1:	477A15BEDFC71B900F7B623725FC2693E6304AAB
SHA-256:	4DA0DD04B0D7747EB30270FE7758BAC2CBF8371ECA251257553E9B489FD229FD
SHA-512:	4C4D00E70A7C0C6999B237D5466F7EC099B4445BF1A4A9561374D192422C4F41E7C60374BFA0C6DC8D6AF0C8866AE131DD29B82480B60DA93F22108760B1339A
Malicious:	false
Preview:	/!.. Bootstrap v2.3.1.. .. Copyright 2012 Twitter, Inc.. * Licensed under the Apache License v2.0.. * http://www.apache.org/licenses/LICENSE-2.0.. .. Designed and built with all the love in the world @twitter by @mdo and @fat... /.....clearfix {.. zoom: 1;..}.....clearfix:before,...clearfix:after {.. display: table;.. line-height: 0;.. content: "";..}.....clearfix:after {.. clear: both;..}.....hide-text {.. font: 0/0 a;.. color: transparent;.. text-shadow: none;.. background-color: transparent;.. border: 0;..}.....input-block-level {.. display: block;.. width: 100%;.. min-height: 30px;.. -webkit-box-sizing: border-box;.. -moz-box-sizing: border-box;.. box-sizing: border-box;..}....article,..aside,..details,..figcaption,..figure,..footer,..header,..hgroup,..nav,..section {.. display: block;..}....audio,..canvas,..video {.. display: inline-block;.. display: inline;.. zoom: 1;..}....audio:not([controls]) {.. display: none;..}....html {.. font-

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\css\is-QFTPQ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	23220
Entropy (8bit):	5.0206455590077885
Encrypted:	false
SSDEEP:	384:yM1758/eDV9grZKb5u5Ru11zNFnyQCglOfWwRnE+A6V22zHtTjg:/8GDV9grZKbgUzWQCglOfWwRnE+/DzNA
MD5:	E46CE2784F902577C2E2858BAF1536F0
SHA1:	B87C9AF4988D92BCFBA4CE80F1BBF267774E115F
SHA-256:	489239002725E88D06FFFC788210A60C249D401F00C2BE2254F130F6251D2002
SHA-512:	B822F632A842A070A2A7FB1CFC7A184CAE6219676273CE63B57096FB0C0F39DA7735EE240BB5652F1AE14238D3494AC930395D936EF5BCB6F7552053D375CDE0
Malicious:	false
Preview:	/!.. Bootstrap Responsive v2.3.1.. .. Copyright 2012 Twitter, Inc.. * Licensed under the Apache License v2.0.. * http://www.apache.org/licenses/LICENSE-2.0.. .. Designed and built with all the love in the world @twitter by @mdo and @fat... /.....clearfix {.. zoom: 1;..}.....clearfix:before,...clearfix:after {.. display: table;.. line-height: 0;.. content: "";..}.....clearfix:after {.. clear: both;..}.....hide-text {.. font: 0/0 a;.. color: transparent;.. text-shadow: none;.. background-color: transparent;.. border: 0;..}.....input-block-level {.. display: block;.. width: 100%;.. min-height: 30px;.. -webkit-box-sizing: border-box;.. -moz-box-sizing: border-box;.. box-sizing: border-box;..}....@-ms-viewport {.. width: device-width;..}.....hidden {.. display: none;.. visibility: hidden;..}.....visible-phone {.. display: none !important;..}.....visible-tablet {.. display: none !important;..}.....hidden-desktop {.. display: none !important;..}....

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\css\page.css (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	assembler source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1840
Entropy (8bit):	5.102392171860436
Encrypted:	false
SSDEEP:	48:W/9d3J5Ozvk4eKhQGbADUnJ5UjsUMopRcZbBh:W/HD0HeK6GbAonTUwLosZ
MD5:	AB3E585DB835356D281F3D0F99543096
SHA1:	3C8A9D6A0848292AACBB37AD1D2E978CD95B8718
SHA-256:	9846020C95FE0913EAC566A7056C7AF5390D342D76EA7B4451989A39D9ACC9C4
SHA-512:	6E853AF69AD050F54DBEF55BBB94EDBB248FC580820EF86B1AF145FD103EF1531A3CEBA8A236E348F7E7F119E009AB091C0094A5818A761889A8318B60312F19
Malicious:	false
Preview:	....body {...width: 100%;...height: 100%;.../background-color: white;/...background-color: #888888;...margin: 0;...padding: 0;......}....div#header {...height: 106px;...background-color: white;...width: 100%;...margin: 0;...padding: 0;...background-image: url(../img/headerbackground.png);...background-repeat: repeat-x; ..}....div#header img {...position:relative;...top: 15px;...left:10px;...transition: left 1s;...-moz-transition: left 1s; /* Firefox 4 /...-webkit-transition: left 1s; / Safari and Chrome /...-o-transition: left 1s; / Opera /..}....div#header h1 {...margin: 0;..}..../..div#contentHolder {...position: relative;...width:100%;...height: 1000px;...padding-top: 7px;...background-color: #E3E3E3;...border-image: url(../img/innerglow.png) 210 / 210px stretch stretch;..}../....div#content {...position: relative;.../min-height: 750px;...max-height: 1200px;*/...width: 90%;...margin: 0px auto 0px auto;...-moz-border-radius: 8px;.. -webkit-border-radius: 8px;...border-ra

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\css\viewer.css (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4608
Entropy (8bit):	5.17412998780235
Encrypted:	false
SSDEEP:	96:VlX/iDPh0QKHB4n0qYCKPumYlAnE8FZz6aAkGTh6HO99HOii3ia3NpiQD/w:raOBm0T72mYlAnrFApP6Hg9H3iSa9piD
MD5:	8694D89D8D9E003E08597E65E94A4D87
SHA1:	4699F6F73633A89CC279F3FEC2A7E112B73FC6E8
SHA-256:	9E15360AE6FA9224A20328F881A94CB45351CF10A1E04D038711E1CD8D9E617C
SHA-512:	5051CAFC944F6AF977CD0A89F7FBF298DD246CD6DE3C6C38B92FD60781178294ADB1196EA4686CBAADA81A0663B780B37D2BBD7613B8FE517BCB4ECCFCAFEA97
Malicious:	false
Preview:	..<style>..@font-face { .. .font-family: Bebas; .. .src: url("./svg/font_bebas.svg#BebasNeueRegular") format("svg");...}...h2 { font-family: "Bebas";}....body {...width: 100%;...background-color: white;...margin: 0;...padding: 0;..}....div#header {...height: 106px;...background-color: white;...width: 100%;...margin: 0;...padding: 0;...background-image: url('../images/headerbackground.png');...background-repeat: repeat-x; ..}....div#header img {...position:relative;...top: 34px;...left:10px;...transition: left 1s;...-moz-transition: left 1s; /* Firefox 4 /...-webkit-transition: left 1s; / Safari and Chrome /...-o-transition: left 1s; / Opera */..}....div#header h1 {...margin: 0;..}....div#contentHolder {...position: relative;...width:100%;...height: 390px;...padding-top: 20px;...background-color: rgb(227,227,227);...border-image: url('../images/innerglow.png') 211 / 220px stretch stretch;..}....div#content {...position: relative;...max-height: 428px;...width: 950px;...margin: 0px

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\background left.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 270 x 768, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	10675
Entropy (8bit):	7.855792547882974
Encrypted:	false
SSDEEP:	192:QSDS0tKg9E05TV3AhGhrR2ER422yJGMSfGsxKhe:3JXE05/2ER3tSfGEEe
MD5:	6622F06BA0239A047BA5F75DE1E40935
SHA1:	CBBD0EBE6B97427789888EC9826490687B6705B2
SHA-256:	2B16813F80DEF0F4569B88FDE041FA58BCE96C24221436E994EE265801BF225D
SHA-512:	D7693BFBE7A5311D375EC8D6920D411F5FC0FFE63E3FF33F50526F095C986B33AA494060D0661EBC359C408DDEBEABC5484E3EFF79DB944563A1D0FDE7B499F1
Malicious:	false
Preview:	.PNG........IHDR.............ZF......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\background middle.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 787 x 768, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	4140
Entropy (8bit):	5.514702010098084
Encrypted:	false
SSDEEP:	96:NxQY9fW/9RIAAssrTAdZR2zqq11AAssKAxaWsYecssHGGmqq11AAsssHGmqqq11r:NxU/DIAAss+ZR2zqq11AAssKAxaW1ss6
MD5:	C2E958A624B5FABD241277E3E693F4A2
SHA1:	BC3C845E83FB79EC5331090E3E634CC69F3E2B6A
SHA-256:	81C38EBE8D0C41BDCEBD42CD7A09F8537C1B0BD8131019C7C885ABBE94AEAA39
SHA-512:	2FAAE2695C6DD4386C0BD690364B54BD2E9F464BAFDECF05FD69E693941CD25BBD25A044827154308A8E39080AA2712D2451B34C6077229718FAF90D729FE33D
Malicious:	false
Preview:	.PNG........IHDR..............z.2....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:BCF20EC0435BE211BC1DEA2D3863842E" xmpMM:DocumentID="xmp.did:D6A421B3609B11E2AFD8AC757B891629" xmpMM:InstanceID="xmp.iid:D6A421B2609B11E2AFD8AC757B891629" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A74E67B6215FE211AC06F9441A82FEFD" stRef:documentID="xmp.did:BCF20EC0435BE211BC1DEA2D3863842E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..A....\IDATx....m.P.E...M..'t....=R.d.)....>..\|>.

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\background right.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 309 x 768, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	11142
Entropy (8bit):	7.861240065287498
Encrypted:	false
SSDEEP:	192:WSDS0tKg9E05TevtvtvcApAc/oOv7H14UyaNsbpubpApApz/MKopuTPf+lPBXqvS:5JXE05C11OkSvaNsbhpuTPfSPg11Z11I
MD5:	B71602511773A60551F70AA9BC6049DE
SHA1:	D3EFDB13568ACD0AF71743B9CA24F7B3E3D0ABD3
SHA-256:	A1E56FB8C8357790AD47FD5A88C61148CF5F90E8586917F22EC3745B5069B503
SHA-512:	B7A1433310BCEA55234A64D9F2BBA5612BB0CFF1832490A7BF7CB604747030A3759F92CC121A5BFD1CD1AAAFE324C9183890CC9CDE74F6B070F8628DE3A5FDEE
Malicious:	false
Preview:	.PNG........IHDR...5..........Ugd....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\buttondivider.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1 x 34, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2856
Entropy (8bit):	7.87078826366413
Encrypted:	false
SSDEEP:	48:O/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODdF:OSDZ/I09Da01l+gmkyTt6Hk8nTdF
MD5:	3D4F3A59BE46F9075AB045C3A3ED04CB
SHA1:	12531CA08CCE65ACCFE8463EC517D9B26EB95278
SHA-256:	AA5D027475B1F6EC88DFDCD84C57D19E20DD86CEEA61BF42D66B3E09D68638E9
SHA-512:	20FF97F577904E2246A78913DC40CAB1511F8C4D11A722EAF2FFFC065844FC92A2DDBCE69E67C736C73EF58DC9878B8919599EAD4EAFD73A0B050B854FB57F7A
Malicious:	false
Preview:	.PNG........IHDR......."......O$F....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\contentbackground.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1 x 390, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2924
Entropy (8bit):	7.875020015401922
Encrypted:	false
SSDEEP:	48:p/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODezW:pSDZ/I09Da01l+gmkyTt6Hk8nTGW
MD5:	32E42A30831D0CCB44FF3C23F84D69FA
SHA1:	D5B884320A01E5C51E190FDD6E6ED1C8DBEEA7CE
SHA-256:	22C91ADA2FCF30B9CB358FF18347B7EFD79A5BA3F2AE3C24FD6B0FE9BD851E69
SHA-512:	BAA928F9B5E51885332B4BAED3C4CB0E6596422736E10600B817ACE0B3C1C3FB39DC16E0EAE70DC95F4EE8134643F8126BD7B43E418C34B79E56C064B9BDCEDA
Malicious:	false
Preview:	.PNG........IHDR.............5.\|.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\contentbackground428.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 2 x 1000, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3297
Entropy (8bit):	7.890112387496165
Encrypted:	false
SSDEEP:	96:dSDZ/I09Da01l+gmkyTt6Hk8nTDBdUEF5vczDo:dSDS0tKg9E05T3UE50g
MD5:	A4AB2D64E4DC771743B6293E303A1B60
SHA1:	883845E2D570FAFFE095D27940F9C081213665D9
SHA-256:	75499938CFBE25364B01DBCF686371BB2EB0ABEFB4AAEA2BB9EB8357B9140FA0
SHA-512:	DDC4098359F452FFFEBCF793597E1BA31AC9254ECE2BFD898BFD35236F342677A8436669AEB9F2F02EB8CDACDD9946052EB47FCEC3C61C50FD506D51059CA9C7
Malicious:	false
Preview:	.PNG........IHDR............../]....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\contentshadow.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 871 x 14, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4635
Entropy (8bit):	7.912550011635644
Encrypted:	false
SSDEEP:	96:qSDZ/I09Da01l+gmkyTt6Hk8nTilrjaHqiwp/9p3x:qSDS0tKg9E05Ti9jRVn
MD5:	490AB873EE03CA84F9D3DAB627B687EE
SHA1:	72EE8D63AC23FF7E01CE0512A3A04682B7B70A7A
SHA-256:	52B69E251F97C56B71B337A20086E99BB9C2F6538FDF9E7E531F97D9ED273672
SHA-512:	1E05174427162C75DE38FD27E0E8698A426646B1452A596BE54C6D466EBA9CF0A50BC4F744F027192EBBBE1BDCDCEE52C55AB990F7D3D212869DF6FFE2289CD7
Malicious:	false
Preview:	.PNG........IHDR...g..........Xdj....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\glyphicons-halflings-white.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 469 x 159, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	8777
Entropy (8bit):	7.923998391913574
Encrypted:	false
SSDEEP:	192:41MFu/STZChMGLw/LtI30ukSCeQm9F+xZdqdfQpTTTIyQY7thi7uWB:iMdZ/GLILBmWEiTTTIyQY5hi71
MD5:	9BBC6E9602998A385C2EA13DF56470FD
SHA1:	A25C4705320FD63C33790E666872910E702B9BF6
SHA-256:	F0E0D95A9C8ABCDFABF46348E2D4285829BB0491F5F6AF0E05AF52BFFB6324C4
SHA-512:	47853ECE55B43CB9CC33C8BBFAABF407389565A0FC1FD042FAC502EA96784B4CFC985EA536622843EF7FAB76AD503157C927BB57332D970AF9B3F092E4C9D5D8
Malicious:	false
Preview:	.PNG........IHDR...............{....PLTE........................mmm.................................................................................................................................................................ttt.........................bbb..................................................................eeeggg.....................................xxx...........................................................................................................................................................................................................................................................................................UUU...............................................................................................rO.....tRNS........#.._../.........o.S..?.....C..kD....O.S._........6..>4!~a..@1.._'o..n.....M...3.BQj..p&%!.l.."Xqr;... A[.<`.am}4.3/0I...PCM!6(*gK&YQ.GDP,..`.{.VP.-..x.)h.7.e1]...W..$..1..b.zS.c.O..].....U.;Zi<N#..).86pV.

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\glyphicons-halflings.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 469 x 159, 8-bit gray+alpha, non-interlaced
Category:	dropped
Size (bytes):	12799
Entropy (8bit):	7.954371008999522
Encrypted:	false
SSDEEP:	192:CDrgTE80fO3w9Gw/gMmhqb/KEliZ5pjSWw5JTfvJRbNn1tgbn+qFynb21kt1kIhL:CfAc9GugMIQRl65AJzp1aoFt1gk
MD5:	2516339970D710819585F90773AEBE0A
SHA1:	84F613631B07D4FE22ACBAB50E551C0FE04BD78B
SHA-256:	D99E3FA32C641032F08149914B28C2DC6ACF2EC62F70987F2259EABBFA7FC0DE
SHA-512:	E1BB0066E619679B880F43E85C3367C57CD13411AB012A67E429B21E7FF80A1A5B8F1EB5BFAC4CC272EB2BB606341182E91FF1CF7D59CF8BD811D98EAFD71D5C
Malicious:	false
Preview:	.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<..1.IDATx..}ml\E..W..^..D$\|n.w'..;v...8.m0..k<f.8....<.h3$.. ...b,mn.... ........0...L Y`6s'.>...Q.........S......n.S.V.;1K.G...s...>Uo...TU.1c..Yu...c..a&...#C,p.....>k.......U.LW..-s.n.3V.q..~N....o...c...I.~L.....{..-....H8%_..M..w.B..6EW..,.p.......Y...2+.(Y....@..&..A./.......3kX.h....-.a.....A....<>P...'\...J.;(.}.#..Qz......:4..%m?nf.ntK.....l.9J...+.D..I..Yu1Y...Z^..(.]YYE..f@......lX..z].U.t......u...&..5-P...W.}..@t.\|.#L..Y..=..s.......,w#.+.R.+.?..a.x...X.0.."..ea).t.G....wV..w..V^...rf%xB.(.q..4>....W.G.#...lW.U<......XJV...l.....R...$k.DVr.I....7:.X<.s>%X.1...N..Ez....w...;y..9.z.9.O.%.~..~..u....*.=.....I..x.c.y}....Y(...o....u..N$.^..j......e\..iX...]..;Y-.r........&..>.!..zl.Y.aVHVN..9=..]..=.......mR..M......d...OU.C..J.UiT.}r.W...W'....u..).......F"YU.#..P......&......R.O....wyz..m..$...O.....s? +^.FT.....I.E.q.%..&.....~..>.M...}]......w..A...?.

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\gradientgraph.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 947 x 390, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	117264
Entropy (8bit):	7.985263256233834
Encrypted:	false
SSDEEP:	1536:YtYlb2phWm3koaEMEYkgaV1zqVj8djBOqPl8s8lW0Yo7M3R4ZQ7higKwTIKuz1Md:E3TTWfkgYhqV2sqt8nW0Yo7+RYgwywk
MD5:	07C120F2FD1D279B30068C00AE5DC4EE
SHA1:	FB8F3101EDB6D41B6BEAAFDA7B6FCE100CA3E2C9
SHA-256:	0D13B0049DB8639F203B8A5DA7E4E8BFFCDE518CA0E87C6435C4293177AB5867
SHA-512:	BA62884DF4959FFFD26179047A16A1229098B6F7C37A6D735AD7942116D9AC7562B593875AF84C5726BFF80E9D91758DA52AEC07ED16CF2A0BC25CE57CB0D41E
Malicious:	false
Preview:	.PNG........IHDR..............6.X....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\gradientgraphsmall.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 250 x 103, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10489
Entropy (8bit):	7.965741081358159
Encrypted:	false
SSDEEP:	192:ASDS0tKg9E05Tantmof5IQV5UQbl/Ewe8k4vtX93UpauhqTNf1rPJf:nJXE05SthXRdEwWEVhKDar5
MD5:	6223ACD59C394F90D91F29CE41D70D83
SHA1:	061609B97F9027A00D5607C71041F77F4B62D458
SHA-256:	9F4ABA4B940439681C0499349F3BE94642C858FA548E152EBA13A107F8FDA772
SHA-512:	7BB4039670205454920DC3B2904F63A10E1A73FC8C0F02F4013619883A56A662E30F9232C7AB2B6891628F48BAED2DA7497B11C9FDEBD55DCE6381CB44D7EEB5
Malicious:	false
Preview:	.PNG........IHDR.......g.....)._.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\gridcontent.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 947 x 372, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	22359
Entropy (8bit):	7.7127315592693435
Encrypted:	false
SSDEEP:	384:QJXE05wJf+JX2w/e6iAWO9cDrMac3OkjlCqoPusVN3hIITl3rM3idF539dpXCxRT:M354o2w/e6iAfe/Ds7oPusL3hrTl3XZg
MD5:	931C86E8F1199B0F9E0F260E8D92E1F2
SHA1:	9A3DE2269005DCBFE6D420F522D2D72485B1D78B
SHA-256:	F79B831CBE2D4F37D5C6839513C9F8DA481CE6D463AFEECD77D72E36ECF85477
SHA-512:	47DF3058C52FFDE61B6B0C6AC721B0AD29A84805B6693DFC311DD1241AB43B6943B4BBA6D42D7554278582405A2AC55482FC4A69D01C87C31932354CC3702C59
Malicious:	false
Preview:	.PNG........IHDR.......t......lnJ....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\headerbackground.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1 x 106, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2852
Entropy (8bit):	7.867842123870298
Encrypted:	false
SSDEEP:	48:J/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODK0:JSDZ/I09Da01l+gmkyTt6Hk8nTX
MD5:	AD8AB8C5E19A7B24E060E9C6B4A8C13D
SHA1:	3553B00745DB1BC65E8AD0A224BBC49ECCEECA6F
SHA-256:	117BD3E359D760CB12B5B3F6865FA125A801269523A851542989D91413DC7A3E
SHA-512:	1CD55120C2761ECF272466B6A2E4A9568A891D209ECDF5FA5EEA5307D4DB7105898F31C2C680C621657DF7CDB2F38D606CA13684184B3A301F2166329401878D
Malicious:	false
Preview:	.PNG........IHDR.......j......D.G....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\innerglow.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1366 x 1100, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	29493
Entropy (8bit):	7.392034002277657
Encrypted:	false
SSDEEP:	768:s35g9ZhweCCYKdYk1oMnG9GZNYlKU/KNs:dZFdYKYEoMnG9GZl0Ki
MD5:	12CAD92A07320280831AC634DEAE61FE
SHA1:	D0F827A47195F5D252F865B1E1E5A75367537027
SHA-256:	0D1C39FD6E82E138B9EEE5B7650A552C9ACBA2F39A6F17F987441CD7AF853E02
SHA-512:	29DFE8D6D9508E7E9698FAD768208526C1BDB2E5A1C0197D3989FA63BD7F44FB6071C7486CEED15FF87B86E0532643CE08A29B365EECB9FBA30033ED7EBBC5CF
Malicious:	false
Preview:	.PNG........IHDR...V...L......a_.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\is-019IH.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1366 x 1100, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	29493
Entropy (8bit):	7.392034002277657
Encrypted:	false
SSDEEP:	768:s35g9ZhweCCYKdYk1oMnG9GZNYlKU/KNs:dZFdYKYEoMnG9GZl0Ki
MD5:	12CAD92A07320280831AC634DEAE61FE
SHA1:	D0F827A47195F5D252F865B1E1E5A75367537027
SHA-256:	0D1C39FD6E82E138B9EEE5B7650A552C9ACBA2F39A6F17F987441CD7AF853E02
SHA-512:	29DFE8D6D9508E7E9698FAD768208526C1BDB2E5A1C0197D3989FA63BD7F44FB6071C7486CEED15FF87B86E0532643CE08A29B365EECB9FBA30033ED7EBBC5CF
Malicious:	false
Preview:	.PNG........IHDR...V...L......a_.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\is-0D7PR.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 787 x 768, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	4140
Entropy (8bit):	5.514702010098084
Encrypted:	false
SSDEEP:	96:NxQY9fW/9RIAAssrTAdZR2zqq11AAssKAxaWsYecssHGGmqq11AAsssHGmqqq11r:NxU/DIAAss+ZR2zqq11AAssKAxaW1ss6
MD5:	C2E958A624B5FABD241277E3E693F4A2
SHA1:	BC3C845E83FB79EC5331090E3E634CC69F3E2B6A
SHA-256:	81C38EBE8D0C41BDCEBD42CD7A09F8537C1B0BD8131019C7C885ABBE94AEAA39
SHA-512:	2FAAE2695C6DD4386C0BD690364B54BD2E9F464BAFDECF05FD69E693941CD25BBD25A044827154308A8E39080AA2712D2451B34C6077229718FAF90D729FE33D
Malicious:	false
Preview:	.PNG........IHDR..............z.2....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:BCF20EC0435BE211BC1DEA2D3863842E" xmpMM:DocumentID="xmp.did:D6A421B3609B11E2AFD8AC757B891629" xmpMM:InstanceID="xmp.iid:D6A421B2609B11E2AFD8AC757B891629" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A74E67B6215FE211AC06F9441A82FEFD" stRef:documentID="xmp.did:BCF20EC0435BE211BC1DEA2D3863842E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..A....\IDATx....m.P.E...M..'t....=R.d.)....>..\|>.

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\is-20SSV.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 947 x 390, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	117264
Entropy (8bit):	7.985263256233834
Encrypted:	false
SSDEEP:	1536:YtYlb2phWm3koaEMEYkgaV1zqVj8djBOqPl8s8lW0Yo7M3R4ZQ7higKwTIKuz1Md:E3TTWfkgYhqV2sqt8nW0Yo7+RYgwywk
MD5:	07C120F2FD1D279B30068C00AE5DC4EE
SHA1:	FB8F3101EDB6D41B6BEAAFDA7B6FCE100CA3E2C9
SHA-256:	0D13B0049DB8639F203B8A5DA7E4E8BFFCDE518CA0E87C6435C4293177AB5867
SHA-512:	BA62884DF4959FFFD26179047A16A1229098B6F7C37A6D735AD7942116D9AC7562B593875AF84C5726BFF80E9D91758DA52AEC07ED16CF2A0BC25CE57CB0D41E
Malicious:	false
Preview:	.PNG........IHDR..............6.X....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\is-723LN.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 250 x 103, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10489
Entropy (8bit):	7.965741081358159
Encrypted:	false
SSDEEP:	192:ASDS0tKg9E05Tantmof5IQV5UQbl/Ewe8k4vtX93UpauhqTNf1rPJf:nJXE05SthXRdEwWEVhKDar5
MD5:	6223ACD59C394F90D91F29CE41D70D83
SHA1:	061609B97F9027A00D5607C71041F77F4B62D458
SHA-256:	9F4ABA4B940439681C0499349F3BE94642C858FA548E152EBA13A107F8FDA772
SHA-512:	7BB4039670205454920DC3B2904F63A10E1A73FC8C0F02F4013619883A56A662E30F9232C7AB2B6891628F48BAED2DA7497B11C9FDEBD55DCE6381CB44D7EEB5
Malicious:	false
Preview:	.PNG........IHDR.......g.....)._.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\is-8GNOE.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 270 x 768, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	10675
Entropy (8bit):	7.855792547882974
Encrypted:	false
SSDEEP:	192:QSDS0tKg9E05TV3AhGhrR2ER422yJGMSfGsxKhe:3JXE05/2ER3tSfGEEe
MD5:	6622F06BA0239A047BA5F75DE1E40935
SHA1:	CBBD0EBE6B97427789888EC9826490687B6705B2
SHA-256:	2B16813F80DEF0F4569B88FDE041FA58BCE96C24221436E994EE265801BF225D
SHA-512:	D7693BFBE7A5311D375EC8D6920D411F5FC0FFE63E3FF33F50526F095C986B33AA494060D0661EBC359C408DDEBEABC5484E3EFF79DB944563A1D0FDE7B499F1
Malicious:	false
Preview:	.PNG........IHDR.............ZF......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\is-CPGJI.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1 x 106, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2852
Entropy (8bit):	7.867842123870298
Encrypted:	false
SSDEEP:	48:J/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODK0:JSDZ/I09Da01l+gmkyTt6Hk8nTX
MD5:	AD8AB8C5E19A7B24E060E9C6B4A8C13D
SHA1:	3553B00745DB1BC65E8AD0A224BBC49ECCEECA6F
SHA-256:	117BD3E359D760CB12B5B3F6865FA125A801269523A851542989D91413DC7A3E
SHA-512:	1CD55120C2761ECF272466B6A2E4A9568A891D209ECDF5FA5EEA5307D4DB7105898F31C2C680C621657DF7CDB2F38D606CA13684184B3A301F2166329401878D
Malicious:	false
Preview:	.PNG........IHDR.......j......D.G....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\is-HNUQK.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 2 x 1000, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3297
Entropy (8bit):	7.890112387496165
Encrypted:	false
SSDEEP:	96:dSDZ/I09Da01l+gmkyTt6Hk8nTDBdUEF5vczDo:dSDS0tKg9E05T3UE50g
MD5:	A4AB2D64E4DC771743B6293E303A1B60
SHA1:	883845E2D570FAFFE095D27940F9C081213665D9
SHA-256:	75499938CFBE25364B01DBCF686371BB2EB0ABEFB4AAEA2BB9EB8357B9140FA0
SHA-512:	DDC4098359F452FFFEBCF793597E1BA31AC9254ECE2BFD898BFD35236F342677A8436669AEB9F2F02EB8CDACDD9946052EB47FCEC3C61C50FD506D51059CA9C7
Malicious:	false
Preview:	.PNG........IHDR............../]....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\is-K5C34.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 871 x 14, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4635
Entropy (8bit):	7.912550011635644
Encrypted:	false
SSDEEP:	96:qSDZ/I09Da01l+gmkyTt6Hk8nTilrjaHqiwp/9p3x:qSDS0tKg9E05Ti9jRVn
MD5:	490AB873EE03CA84F9D3DAB627B687EE
SHA1:	72EE8D63AC23FF7E01CE0512A3A04682B7B70A7A
SHA-256:	52B69E251F97C56B71B337A20086E99BB9C2F6538FDF9E7E531F97D9ED273672
SHA-512:	1E05174427162C75DE38FD27E0E8698A426646B1452A596BE54C6D466EBA9CF0A50BC4F744F027192EBBBE1BDCDCEE52C55AB990F7D3D212869DF6FFE2289CD7
Malicious:	false
Preview:	.PNG........IHDR...g..........Xdj....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\is-KNSOL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 510 x 64, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	421
Entropy (8bit):	5.424079850413463
Encrypted:	false
SSDEEP:	12:6v/7K2x/o/Gv6EKye3Kye3Kye3Kye3Kye3Kye3Kye3Kyo2c:wO5EKy+Ky+Ky+Ky+Ky+Ky+Ky+Kyhc
MD5:	5B3377A8D99FA9152876FD03173135C1
SHA1:	EC4FD8EA4C4D0A2E2BE1D7A321651C20C707FC90
SHA-256:	CD0D90488118A8F73E8CAF4BB031CFFD3DF09FC8A5F00A5B42747C7F438E1B01
SHA-512:	A6061C2A861E5E667C26A0B9427401A666050464CC416497EA0926892693FBA0B5B1EAC8AF7169E53C6B6E3A48A4794906B6994C31C51F6ADBB09909EA4D2426
Malicious:	false
Preview:	.PNG........IHDR.......@.............sRGB.........gAMA......a.....pHYs...t...t..f.x....tEXtSoftware.Paint.NET v3.5.11G.B7....IDATx^..1..@....o.b`.L(hxw....L..i&..4..h...4....f..M3.....@.L..i&..4..h...4....f..M3.....@.L..i&..4..h...4....f..M3.....@.L..i&..4..h...4....f..M3.....@.L..i&..4..h...4....f..M3.....@.L..i&..4..h...4....f..M3.....@.L..i&..4..h...4....f..M3.....@.L..i&..4..h...4....f..M3...{......i.....IEND.B`.

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\is-OAKFE.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1366 x 768, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	22421
Entropy (8bit):	7.382781405693069
Encrypted:	false
SSDEEP:	384:cJXE050vbwtRSQniH2Zn+4GjL1rGMNKc0BCEgsFzA0u:I35LCQznsjRrGMN90QEZZA0u
MD5:	CD3956C0B11967DE8DA88DA7C40ABD8F
SHA1:	28B3280D98E0FAEFBEEB824F66245D53F688367D
SHA-256:	4940060CEA6C1D1CF2B4E4F6E66DB8E30CA6452452F918B311E43915D55AA3DF
SHA-512:	D995A7ECFA327A108DDB303864E359364B7A3FFBD10BED96DC6F2113CA850C404F54968E3B416998A26F53097D4C9DBF7B19CA90586A6C43ED533328B9AF118A
Malicious:	false
Preview:	.PNG........IHDR...V.........@\......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\is-SPO84.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 309 x 768, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	11142
Entropy (8bit):	7.861240065287498
Encrypted:	false
SSDEEP:	192:WSDS0tKg9E05TevtvtvcApAc/oOv7H14UyaNsbpubpApApz/MKopuTPf+lPBXqvS:5JXE05C11OkSvaNsbhpuTPfSPg11Z11I
MD5:	B71602511773A60551F70AA9BC6049DE
SHA1:	D3EFDB13568ACD0AF71743B9CA24F7B3E3D0ABD3
SHA-256:	A1E56FB8C8357790AD47FD5A88C61148CF5F90E8586917F22EC3745B5069B503
SHA-512:	B7A1433310BCEA55234A64D9F2BBA5612BB0CFF1832490A7BF7CB604747030A3759F92CC121A5BFD1CD1AAAFE324C9183890CC9CDE74F6B070F8628DE3A5FDEE
Malicious:	false
Preview:	.PNG........IHDR...5..........Ugd....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\is-T3MDQ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 947 x 372, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	22359
Entropy (8bit):	7.7127315592693435
Encrypted:	false
SSDEEP:	384:QJXE05wJf+JX2w/e6iAWO9cDrMac3OkjlCqoPusVN3hIITl3rM3idF539dpXCxRT:M354o2w/e6iAfe/Ds7oPusL3hrTl3XZg
MD5:	931C86E8F1199B0F9E0F260E8D92E1F2
SHA1:	9A3DE2269005DCBFE6D420F522D2D72485B1D78B
SHA-256:	F79B831CBE2D4F37D5C6839513C9F8DA481CE6D463AFEECD77D72E36ECF85477
SHA-512:	47DF3058C52FFDE61B6B0C6AC721B0AD29A84805B6693DFC311DD1241AB43B6943B4BBA6D42D7554278582405A2AC55482FC4A69D01C87C31932354CC3702C59
Malicious:	false
Preview:	.PNG........IHDR.......t......lnJ....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\is-U064L.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 469 x 159, 8-bit gray+alpha, non-interlaced
Category:	dropped
Size (bytes):	12799
Entropy (8bit):	7.954371008999522
Encrypted:	false
SSDEEP:	192:CDrgTE80fO3w9Gw/gMmhqb/KEliZ5pjSWw5JTfvJRbNn1tgbn+qFynb21kt1kIhL:CfAc9GugMIQRl65AJzp1aoFt1gk
MD5:	2516339970D710819585F90773AEBE0A
SHA1:	84F613631B07D4FE22ACBAB50E551C0FE04BD78B
SHA-256:	D99E3FA32C641032F08149914B28C2DC6ACF2EC62F70987F2259EABBFA7FC0DE
SHA-512:	E1BB0066E619679B880F43E85C3367C57CD13411AB012A67E429B21E7FF80A1A5B8F1EB5BFAC4CC272EB2BB606341182E91FF1CF7D59CF8BD811D98EAFD71D5C
Malicious:	false
Preview:	.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<..1.IDATx..}ml\E..W..^..D$\|n.w'..;v...8.m0..k<f.8....<.h3$.. ...b,mn.... ........0...L Y`6s'.>...Q.........S......n.S.V.;1K.G...s...>Uo...TU.1c..Yu...c..a&...#C,p.....>k.......U.LW..-s.n.3V.q..~N....o...c...I.~L.....{..-....H8%_..M..w.B..6EW..,.p.......Y...2+.(Y....@..&..A./.......3kX.h....-.a.....A....<>P...'\...J.;(.}.#..Qz......:4..%m?nf.ntK.....l.9J...+.D..I..Yu1Y...Z^..(.]YYE..f@......lX..z].U.t......u...&..5-P...W.}..@t.\|.#L..Y..=..s.......,w#.+.R.+.?..a.x...X.0.."..ea).t.G....wV..w..V^...rf%xB.(.q..4>....W.G.#...lW.U<......XJV...l.....R...$k.DVr.I....7:.X<.s>%X.1...N..Ez....w...;y..9.z.9.O.%.~..~..u....*.=.....I..x.c.y}....Y(...o....u..N$.^..j......e\..iX...]..;Y-.r........&..>.!..zl.Y.aVHVN..9=..]..=.......mR..M......d...OU.C..J.UiT.}r.W...W'....u..).......F"YU.#..P......&......R.O....wyz..m..$...O.....s? +^.FT.....I.E.q.%..&.....~..>.M...}]......w..A...?.

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\is-USQDR.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 469 x 159, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	8777
Entropy (8bit):	7.923998391913574
Encrypted:	false
SSDEEP:	192:41MFu/STZChMGLw/LtI30ukSCeQm9F+xZdqdfQpTTTIyQY7thi7uWB:iMdZ/GLILBmWEiTTTIyQY5hi71
MD5:	9BBC6E9602998A385C2EA13DF56470FD
SHA1:	A25C4705320FD63C33790E666872910E702B9BF6
SHA-256:	F0E0D95A9C8ABCDFABF46348E2D4285829BB0491F5F6AF0E05AF52BFFB6324C4
SHA-512:	47853ECE55B43CB9CC33C8BBFAABF407389565A0FC1FD042FAC502EA96784B4CFC985EA536622843EF7FAB76AD503157C927BB57332D970AF9B3F092E4C9D5D8
Malicious:	false
Preview:	.PNG........IHDR...............{....PLTE........................mmm.................................................................................................................................................................ttt.........................bbb..................................................................eeeggg.....................................xxx...........................................................................................................................................................................................................................................................................................UUU...............................................................................................rO.....tRNS........#.._../.........o.S..?.....C..kD....O.S._........6..>4!~a..@1.._'o..n.....M...3.BQj..p&%!.l.."Xqr;... A[.<`.am}4.3/0I...PCM!6(*gK&YQ.GDP,..`.{.VP.-..x.)h.7.e1]...W..$..1..b.zS.c.O..].....U.;Zi<N#..).86pV.

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\is-UTJJO.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1 x 34, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2856
Entropy (8bit):	7.87078826366413
Encrypted:	false
SSDEEP:	48:O/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODdF:OSDZ/I09Da01l+gmkyTt6Hk8nTdF
MD5:	3D4F3A59BE46F9075AB045C3A3ED04CB
SHA1:	12531CA08CCE65ACCFE8463EC517D9B26EB95278
SHA-256:	AA5D027475B1F6EC88DFDCD84C57D19E20DD86CEEA61BF42D66B3E09D68638E9
SHA-512:	20FF97F577904E2246A78913DC40CAB1511F8C4D11A722EAF2FFFC065844FC92A2DDBCE69E67C736C73EF58DC9878B8919599EAD4EAFD73A0B050B854FB57F7A
Malicious:	false
Preview:	.PNG........IHDR......."......O$F....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\is-VNI36.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1 x 390, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2924
Entropy (8bit):	7.875020015401922
Encrypted:	false
SSDEEP:	48:p/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODezW:pSDZ/I09Da01l+gmkyTt6Hk8nTGW
MD5:	32E42A30831D0CCB44FF3C23F84D69FA
SHA1:	D5B884320A01E5C51E190FDD6E6ED1C8DBEEA7CE
SHA-256:	22C91ADA2FCF30B9CB358FF18347B7EFD79A5BA3F2AE3C24FD6B0FE9BD851E69
SHA-512:	BAA928F9B5E51885332B4BAED3C4CB0E6596422736E10600B817ACE0B3C1C3FB39DC16E0EAE70DC95F4EE8134643F8126BD7B43E418C34B79E56C064B9BDCEDA
Malicious:	false
Preview:	.PNG........IHDR.............5.\|.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\logoOMConvert.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 510 x 64, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	421
Entropy (8bit):	5.424079850413463
Encrypted:	false
SSDEEP:	12:6v/7K2x/o/Gv6EKye3Kye3Kye3Kye3Kye3Kye3Kye3Kyo2c:wO5EKy+Ky+Ky+Ky+Ky+Ky+Ky+Kyhc
MD5:	5B3377A8D99FA9152876FD03173135C1
SHA1:	EC4FD8EA4C4D0A2E2BE1D7A321651C20C707FC90
SHA-256:	CD0D90488118A8F73E8CAF4BB031CFFD3DF09FC8A5F00A5B42747C7F438E1B01
SHA-512:	A6061C2A861E5E667C26A0B9427401A666050464CC416497EA0926892693FBA0B5B1EAC8AF7169E53C6B6E3A48A4794906B6994C31C51F6ADBB09909EA4D2426
Malicious:	false
Preview:	.PNG........IHDR.......@.............sRGB.........gAMA......a.....pHYs...t...t..f.x....tEXtSoftware.Paint.NET v3.5.11G.B7....IDATx^..1..@....o.b`.L(hxw....L..i&..4..h...4....f..M3.....@.L..i&..4..h...4....f..M3.....@.L..i&..4..h...4....f..M3.....@.L..i&..4..h...4....f..M3.....@.L..i&..4..h...4....f..M3.....@.L..i&..4..h...4....f..M3.....@.L..i&..4..h...4....f..M3.....@.L..i&..4..h...4....f..M3...{......i.....IEND.B`.

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\img\whole-background.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PNG image data, 1366 x 768, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	22421
Entropy (8bit):	7.382781405693069
Encrypted:	false
SSDEEP:	384:cJXE050vbwtRSQniH2Zn+4GjL1rGMNKc0BCEgsFzA0u:I35LCQznsjRrGMN90QEZZA0u
MD5:	CD3956C0B11967DE8DA88DA7C40ABD8F
SHA1:	28B3280D98E0FAEFBEEB824F66245D53F688367D
SHA-256:	4940060CEA6C1D1CF2B4E4F6E66DB8E30CA6452452F918B311E43915D55AA3DF
SHA-512:	D995A7ECFA327A108DDB303864E359364B7A3FFBD10BED96DC6F2113CA850C404F54968E3B416998A26F53097D4C9DBF7B19CA90586A6C43ED533328B9AF118A
Malicious:	false
Preview:	.PNG........IHDR...V.........@\......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\is-4MJB1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	GIF image data, version 89a, 128 x 128
Category:	dropped
Size (bytes):	1010
Entropy (8bit):	2.29292695215194
Encrypted:	false
SSDEEP:	6:GH2laYz39WzJzdoaFUix1qyP5WKISI+pEwY+/dUpyP8ace:GHCx3mJp3F5x1qc7eva/6pyP8av
MD5:	EF53B728B8C0C9E76885A88C29577F1F
SHA1:	486CEB0CC0653C13B2D4582EC326342DF7E58EB5
SHA-256:	BFF343B1A887C6C81A6945C87AC56A5D51106ED6041A5AF5F79F8E02246A460C
SHA-512:	59B7CB51D03BE5FA06BBDBFC15A9B3AB12B50ADA520A45CACD8C7B4A480E1D6F25980D744568CDD85B899D65C4D0D8172E9D6C745E605A1FD49719C2157343BA
Malicious:	false
Preview:	GIF89a.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,...............H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.]...P.J.J...X.j....`..K...h.]...p..K...x..........L.....+^....#K.L....3!k.....C..M....S.^....

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\is-DT2P1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6712
Entropy (8bit):	5.165428689402844
Encrypted:	false
SSDEEP:	192:BVsDIzEaAbe4Ec4hTzI/biCuRiCbazmQH74axuqbMp:kDq4Ec4hTzI/biCiiCGzmQH74axuj
MD5:	4479F570ECD29B6C975D5A403379F747
SHA1:	9A69865844209FB972A56C15E15851873B35A838
SHA-256:	09EB74ACFCE780F4B726CCE8827544DA75C43ABC54D12CC32F95E14B904A63CB
SHA-512:	DF5D09E68B77E4E4C6FC3604A40F8B9BFE65CD7921FFAD31C8321846DBFBD237D161D4D0EC17AE461258083D4D746A38F580B620AD9D27301D2BBCA2F3DA7927
Malicious:	false
Preview:	<!DOCTYPE html> ..<html>..<meta http-equiv="X-UA-Compatible" content="IE=Edge" />..<meta charset="utf-8">...<title>AX OmConvert Converter</title>...<link href="./css/bootstrap-responsive.css" rel="stylesheet">...<link href="./css/bootstrap.css" rel="stylesheet">...<link href="./css/page.css" rel="stylesheet">...<script type="text/javascript" src="./js/jquery.min.js"></script>...<script type="text/javascript" src="./js/bootstrap.min.js"></script>.....<script language="javascript">..function positionLogo() {...document.getElementById('logo').style.left = document.getElementById('content').offsetLeft + 'px';..}....</script>.... Leave this script as it is otherwise the program won't pick it up and it won't run. -->..<script language="javascript" type="text/javascript">.. //var $ = function (e) { return document.getElementById(e); }......var blockStart = -1;...var blockCount = -1;......var rawInput1;...var rawInput2;......function fillValues()...{....var url = document.URL;........va

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\is-J23G1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	213504
Entropy (8bit):	6.709248017183754
Encrypted:	false
SSDEEP:	6144:ZxGwK8gQiqm4NvHRZVJOqQ1EFO1VxkJlof0jFjzyYdsmSLfTN/oOuusrn4HJ:ZxGwK8gQiqm4NvHRZVJOqQ1EFO1VxkJ8
MD5:	D05718285DF704EED58EF4B1FE6761A0
SHA1:	4FA2A4F16B998C0F553EE6B57A780E39323E6A85
SHA-256:	E5FA5DE8F79FA702C8D2B1164D2E319CB6F597AD700EA9FF04D2273311505943
SHA-512:	C6F3F2C36FCBE0AA43124716D49D119399E8D1B0D6F61F2DE3A23B8775EE45E7DC5F304B90A0AAE51883E7F7928DB4A04ECCBCEF60EB46CC5B74DD3BD3229BF0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]q>*..Py..Py..Py...y..Py...y..Py...y..Py...y..Py.vSx..Py.vUx:.Py.vTx..Py.h.y..Py..Qyz.Py%wXx..Py%w.y..Py%wRx..PyRich..Py........................PE..L......[.................l..........A.............@.......................................@.....................................(....`.......................p..........p...............................@...............4............................text....k.......l.................. ..`.rdata...............p..............@..@.data........0......................@..._RDATA.......P......................@..@.rsrc........`.......$..............@..@.reloc.......p.......&..............@..B................................................................................................................................................................................................................................................

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\is-PCK8S.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	MS Windows icon resource - 1 icon, 64x64, 24 bits/pixel
Category:	dropped
Size (bytes):	12862
Entropy (8bit):	0.2567213546428736
Encrypted:	false
SSDEEP:	3:vZll/ltl/c/lpRD:ojD
MD5:	1356714D30EB63F260CEFB0936C6E55E
SHA1:	79C25404E942D1646AAF2705DCE34D12AF9E5790
SHA-256:	E99E3672F8699E1E5251EF154B4272AAD404B5190570934E21191C128CD6F586
SHA-512:	326472320D36763A0C0E069F3CA1A63FF993E5795684233771D12A2834749FBDAE0AED77C0C30DE4B73A40FC1D6ABF54C59D6190940EAD2CDCBE8158F0C8CBCF
Malicious:	false
Preview:	......@@......(2......(...@................0............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\is-PRF9P.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1400
Entropy (8bit):	5.326275339578517
Encrypted:	false
SSDEEP:	24:LLiOeidBLv0ZdCla1ONH2KNC2Ip1vv4lbS9q4HvUHH83HSaSlHlRB4L43bdD43aA:fiOeidB3y1wm88iaSvnJbMaA
MD5:	8F25B67F5F848AD2BF34B0E8465A683C
SHA1:	58B67E0D5A0A371B111D03FC45BD8D891CBF5878
SHA-256:	E60CACD6F47040008D07AA8BAF516D116420149E373FE8F23C9AFF4F157C903F
SHA-512:	EA48B245C95D3482EB97CC82AF6750D890CB46CBC2800EFB82EE289148175315FFFC75F200CC98C79B876AE2C14CE36E063B0CD05E77F799DD518A478A6E04B2
Malicious:	false
Preview:	@echo off..cd /d %~dp0....::: Check arguments..if "%~1"=="" goto ERROR_NO_SOURCE..rem if not "%~2"=="" goto ERROR_TOO_MANY_ARGS..if not exist "%~1" goto ERROR_SOURCE_NOT_FOUND..set INPUT=%~f1..set OUTPUT=%~dpn1....::: Choose a temporary output folder..set TEMPDIR=%TEMP%\CBR-%RANDOM%..mkdir "%TEMPDIR%"....::: Run the script..echo OMCONVERT: INPUT: %INPUT%..rem echo INPUT: %INPUT% 1>&2..echo OMCONVERT: OUTPUT: %OUTPUT%..rem echo OUTPUT: %OUTPUT% 1>&2..echo OMCONVERT: TEMPORARY: %TEMPDIR%..rem echo TEMPORARY: %TEMPDIR% 1>&2..echo OMCONVERT: Running: omconvert.exe "%INPUT%" "%TEMPDIR%"..if not exist omconvert.exe echo OMCONVERT: Executable not found.....if exist omconvert.exe omconvert.exe "%INPUT%" -out "%TEMPDIR%\file.wav" -svm-file "%TEMPDIR%\file.svm.csv" -wtv-file "%TEMPDIR%\file.wtv.csv" -paee-file "%TEMPDIR%\file.paee.csv"....::: Move files from the temporary folder..move "%TEMPDIR%\file.wav" "%OUTPUT%.wav" >nul..move "%TEMPDIR%\file.svm.csv" "%OUTPUT%.svm.csv" >nul..move "%TE

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\is-QFSFA.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	629
Entropy (8bit):	5.100605671646762
Encrypted:	false
SSDEEP:	12:TM3TSmrk4+mG/17LkzYP5r9AfLxvBGGtD/NKWHvD/ifFuIEZe1Q9+Q92S:qTARr9AvNPTKBEQ1FxS
MD5:	BCD9CF8B8A41D6DB97A9CE6584602C09
SHA1:	8A0BBF3A5D1DECA2C64C7669B5CAF05161D437D2
SHA-256:	4382C6B263C873B5A3564951D54542DEDC5B17D9BBBA5B234BFBF90EB8CF25F2
SHA-512:	2E68F626FFDADB6BB0CB5975057210A70823ECA16CB22EE6DD184FF782EC56D4EEBB5F96F6048215D3485425A36866A09124D61507EF8C6D49E18843944AFD50
Malicious:	false
Preview:	<?xml version='1.0'?>.. This is a sample XML document -->..<Plugin>...<height>500</height>...<width>700</width>...<runFilePath>run-omconvert.cmd</runFilePath>...<htmlFilePath>AX_OMConvert.html</htmlFilePath>...<savedValuesFilePath>saved.xml</savedValuesFilePath>...<iconName>64x64 converter.ico</iconName>...<description>OMConvert</description>...<fileName>OMConvert</fileName>...<readableName>OMConvert</readableName>...<outputExtensions>....<extension></extension>...</outputExtensions>...<numberOfInputFiles>1</numberOfInputFiles>...<wantMetadata>false</wantMetadata>...<requiresCWANames>true</requiresCWANames>..</Plugin>

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\js\bootstrap.js (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	64027
Entropy (8bit):	4.836305483874431
Encrypted:	false
SSDEEP:	1536:Y0/ZYwdtLLrK7tXuLJAlC0NEojHweGy8VEfrUiOl3ST0uMU:xZ79L2kJmzNvjHwlR+UT3STD7
MD5:	4D269F4999A9D6766EBA116A79B22F6C
SHA1:	982A75004C32B52BFADB0D296867780DBA232543
SHA-256:	CA0B58099DB982806828D46FAAAE6B53FF51BD5207912379BE0B20FF96ED6ADA
SHA-512:	198D5C7E6D0E274002B25B9F905E52AFFB09E1EDC76480D03D78FD35824C0A62B0F36EC2144A62ECEA8A4B1A6ACC4A455B83AAB8B3512B670A37944276619507
Malicious:	false
Preview:	/* ===================================================.. * bootstrap-transition.js v2.3.1.. * http://twitter.github.com/bootstrap/javascript.html#transitions.. * ===================================================.. * Copyright 2012 Twitter, Inc... .. Licensed under the Apache License, Version 2.0 (the "License");.. * you may not use this file except in compliance with the License... * You may obtain a copy of the License at.. .. http://www.apache.org/licenses/LICENSE-2.0.. .. Unless required by applicable law or agreed to in writing, software.. * distributed under the License is distributed on an "AS IS" BASIS,.. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied... * See the License for the specific language governing permissions and.. * limitations under the License... * ========================================================== /......!function ($) {.... "use strict"; // jshint ;_;...... / CSS TRANSITION SUPPORT (http://www.modernizr.com/).. *

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\js\bootstrap.min.js (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with very long lines (28421), with CRLF line terminators
Category:	dropped
Size (bytes):	28543
Entropy (8bit):	5.002712804901758
Encrypted:	false
SSDEEP:	768:I7S57QFwmPK40INVIPcr8gCBQcqYn0SUs8q:t0OANsz0WT
MD5:	4D2217E6EF811750EF429614897722F7
SHA1:	81354DCFC6D99A1A43678DD9719D0D279271A02E
SHA-256:	96708C6D8E2D1D3E2CD83C34B4E30311C6C6BB405CAEF24C66D9C7A336B4BED2
SHA-512:	648E210FE2C1414EAFB340E2C5522294A47D17734F7840D73C4283140BCE1EC1D42B32C7BEBEDEB7AE791F2B15EB1B601E724126D521B223576DDFBBA2E44DBE
Malicious:	false
Preview:	/!.. Bootstrap.js by @fat & @mdo..* Copyright 2012 Twitter, Inc...* http://www.apache.org/licenses/LICENSE-2.0.txt../..!function(e){"use strict";e(function(){e.support.transition=function(){var e=function(){var e=document.createElement("bootstrap"),t={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"},n;for(n in t)if(e.style[n]!==undefined)return t[n]}();return e&&{end:e}}()})}(window.jQuery),!function(e){"use strict";var t='[data-dismiss="alert"]',n=function(n){e(n).on("click",t,this.close)};n.prototype.close=function(t){function s(){i.trigger("closed").remove()}var n=e(this),r=n.attr("data-target"),i;r\|\|(r=n.attr("href"),r=r&&r.replace(/.(?=#[^\s]*$)/,"")),i=e(r),t&&t.preventDefault(),i.length\|\|(i=n.hasClass("alert")?n:n.parent()),i.trigger(t=e.Event("close"));if(t.isDefaultPrevented())return;i.removeClass("in"),e.support.transition&&i.hasClass("fade")?i.on(e.support.transition.end,s):s()};v

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\js\formatDateTime.js (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4637
Entropy (8bit):	5.283122109416986
Encrypted:	false
SSDEEP:	96:JzqhusqHcm22mclSXcgEmYiMqca8UnbXxsUiYisGeGEFt4ly+b52ixBBukB20bLV:Jzqhuj8m2vrcgEmYiMqca80bxsUiYisM
MD5:	4DE79723652420E759270FDA9C507915
SHA1:	705C2D98CB777504EAFCA979D907717E9631DF7A
SHA-256:	D2D4888A6BA0CE82090782138F1DE42221D35FB5EB566105B2FB3BF5629E533B
SHA-512:	9727127B58160F3D8CBFC4782F09FCEEE0486C08BCCBAE5D0A94CF81B6598DC7DA1DECA179FC3ABF2588D71A8D994439A7235CF937B0395E8F63A333864F28AC
Malicious:	false
Preview:	//* This code is copyright 2002-2003 by Gavin Kistner, !@phrogz.net..//* It is covered under the license viewable at http://phrogz.net/JS/_ReuseLicense.txt..//* Reuse or modification is free provided you abide by the terms of that license...//* (Including the first two lines above in your source code satisfies the conditions.)....// Include this code (with notice above ;) in your library; read below for how to use it.....Date.prototype.customFormat = function(formatString){...var YYYY,YY,MMMM,MMM,MM,M,DDDD,DDD,DD,D,hhh,hh,h,mm,m,ss,s,ampm,AMPM,dMod,th;...var dateObject = this;...YY = ((YYYY=dateObject.getFullYear())+"").slice(-2);...MM = (M=dateObject.getMonth()+1)<10?('0'+M):M;...MMM = (MMMM=["January","February","March","April","May","June","July","August","September","October","November","December"][M-1]).substring(0,3);...DD = (D=dateObject.getDate())<10?('0'+D):D;...DDD = (DDDD=["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"][dateObject.getDay()]).s

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\js\is-4Q7OL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4637
Entropy (8bit):	5.283122109416986
Encrypted:	false
SSDEEP:	96:JzqhusqHcm22mclSXcgEmYiMqca8UnbXxsUiYisGeGEFt4ly+b52ixBBukB20bLV:Jzqhuj8m2vrcgEmYiMqca80bxsUiYisM
MD5:	4DE79723652420E759270FDA9C507915
SHA1:	705C2D98CB777504EAFCA979D907717E9631DF7A
SHA-256:	D2D4888A6BA0CE82090782138F1DE42221D35FB5EB566105B2FB3BF5629E533B
SHA-512:	9727127B58160F3D8CBFC4782F09FCEEE0486C08BCCBAE5D0A94CF81B6598DC7DA1DECA179FC3ABF2588D71A8D994439A7235CF937B0395E8F63A333864F28AC
Malicious:	false
Preview:	//* This code is copyright 2002-2003 by Gavin Kistner, !@phrogz.net..//* It is covered under the license viewable at http://phrogz.net/JS/_ReuseLicense.txt..//* Reuse or modification is free provided you abide by the terms of that license...//* (Including the first two lines above in your source code satisfies the conditions.)....// Include this code (with notice above ;) in your library; read below for how to use it.....Date.prototype.customFormat = function(formatString){...var YYYY,YY,MMMM,MMM,MM,M,DDDD,DDD,DD,D,hhh,hh,h,mm,m,ss,s,ampm,AMPM,dMod,th;...var dateObject = this;...YY = ((YYYY=dateObject.getFullYear())+"").slice(-2);...MM = (M=dateObject.getMonth()+1)<10?('0'+M):M;...MMM = (MMMM=["January","February","March","April","May","June","July","August","September","October","November","December"][M-1]).substring(0,3);...DD = (D=dateObject.getDate())<10?('0'+D):D;...DDD = (DDDD=["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"][dateObject.getDay()]).s

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\js\is-8UROO.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1809656
Entropy (8bit):	4.209663989639158
Encrypted:	false
SSDEEP:	3072:R23rm6ZJ2D+lXqBmp4u6gzgSmZwJSxT6Ycey7RtgigsL:K9t
MD5:	ACFBA1BAD17C2BC4DBAC9F78F326525E
SHA1:	EACA1E718802059FFC51F9944368268BBBBA265B
SHA-256:	DFB1A880DA3B66ECFCC7C95B1E3BE91E7A4C46DE268BC786AB0800D50EA5D380
SHA-512:	04E2D9D3EEE43B2921022A821C33082B890059267E0997DBE107CEBFDCA03F2DE8DB5578D0987D470936F7A9DF7F9B64CE2CF0108FEF43302F2A0438742F425F
Malicious:	false
Preview:	function readData() {.. var data = ..{..."PAjson": {...."Device": {....."Type": "AX3",....."Model": "17",....."ID": "12345",....."Firmware": "R36",....."Calibration": "0,0,0"....},...."Recording": {....."StartTime": "2000-14-10 12:34:56:789",....."StopTime": "2000-15-10 12:34:56:789",....."LocationSite": "wrist",....."LocationSide": "left",....."TimeZone": "GMT+1"....},...."Subject": {....."Code": "Participant1",....."DOB": "1981-14-10",....."Sex": "male",....."Heightcm": "183",....."Weightkg": "78",....."Handedness": "right",....."Notes": "Neque porro quisquam est qui dolorem"....},...."Study": {....."Centre": "Newcastle",....."Code": "Study #1",....."Investigator": "A Apple",....."ExerciseType": "Daily Living",....."ConfigOperator": "B Bannana",....."ConfigTime": "2000-14-10 00:00:00:000",....."ConfigNotes": "Ipsum quia dolor sit amet, consectetur"....},...."Extract": {....."Operator": "C Cherry",....."Time": "2000-16-10 12:34:56:789",....."Notes": "Lorem ipsum dolor sit amet, con

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\js\is-AH9QM.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	64027
Entropy (8bit):	4.836305483874431
Encrypted:	false
SSDEEP:	1536:Y0/ZYwdtLLrK7tXuLJAlC0NEojHweGy8VEfrUiOl3ST0uMU:xZ79L2kJmzNvjHwlR+UT3STD7
MD5:	4D269F4999A9D6766EBA116A79B22F6C
SHA1:	982A75004C32B52BFADB0D296867780DBA232543
SHA-256:	CA0B58099DB982806828D46FAAAE6B53FF51BD5207912379BE0B20FF96ED6ADA
SHA-512:	198D5C7E6D0E274002B25B9F905E52AFFB09E1EDC76480D03D78FD35824C0A62B0F36EC2144A62ECEA8A4B1A6ACC4A455B83AAB8B3512B670A37944276619507
Malicious:	false
Preview:	/* ===================================================.. * bootstrap-transition.js v2.3.1.. * http://twitter.github.com/bootstrap/javascript.html#transitions.. * ===================================================.. * Copyright 2012 Twitter, Inc... .. Licensed under the Apache License, Version 2.0 (the "License");.. * you may not use this file except in compliance with the License... * You may obtain a copy of the License at.. .. http://www.apache.org/licenses/LICENSE-2.0.. .. Unless required by applicable law or agreed to in writing, software.. * distributed under the License is distributed on an "AS IS" BASIS,.. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied... * See the License for the specific language governing permissions and.. * limitations under the License... * ========================================================== /......!function ($) {.... "use strict"; // jshint ;_;...... / CSS TRANSITION SUPPORT (http://www.modernizr.com/).. *

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\js\is-J0MH5.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with very long lines (28421), with CRLF line terminators
Category:	dropped
Size (bytes):	28543
Entropy (8bit):	5.002712804901758
Encrypted:	false
SSDEEP:	768:I7S57QFwmPK40INVIPcr8gCBQcqYn0SUs8q:t0OANsz0WT
MD5:	4D2217E6EF811750EF429614897722F7
SHA1:	81354DCFC6D99A1A43678DD9719D0D279271A02E
SHA-256:	96708C6D8E2D1D3E2CD83C34B4E30311C6C6BB405CAEF24C66D9C7A336B4BED2
SHA-512:	648E210FE2C1414EAFB340E2C5522294A47D17734F7840D73C4283140BCE1EC1D42B32C7BEBEDEB7AE791F2B15EB1B601E724126D521B223576DDFBBA2E44DBE
Malicious:	false
Preview:	/!.. Bootstrap.js by @fat & @mdo..* Copyright 2012 Twitter, Inc...* http://www.apache.org/licenses/LICENSE-2.0.txt../..!function(e){"use strict";e(function(){e.support.transition=function(){var e=function(){var e=document.createElement("bootstrap"),t={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"},n;for(n in t)if(e.style[n]!==undefined)return t[n]}();return e&&{end:e}}()})}(window.jQuery),!function(e){"use strict";var t='[data-dismiss="alert"]',n=function(n){e(n).on("click",t,this.close)};n.prototype.close=function(t){function s(){i.trigger("closed").remove()}var n=e(this),r=n.attr("data-target"),i;r\|\|(r=n.attr("href"),r=r&&r.replace(/.(?=#[^\s]*$)/,"")),i=e(r),t&&t.preventDefault(),i.length\|\|(i=n.hasClass("alert")?n:n.parent()),i.trigger(t=e.Event("close"));if(t.isDefaultPrevented())return;i.removeClass("in"),e.support.transition&&i.hasClass("fade")?i.on(e.support.transition.end,s):s()};v

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\js\is-VNUIF.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with very long lines (32089), with CRLF line terminators
Category:	dropped
Size (bytes):	92635
Entropy (8bit):	5.304097832737613
Encrypted:	false
SSDEEP:	1536:pnu00HWWaRxkqJg09pYxoxDKLXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qz7rbaN1RUg:pdkWgoBecZRQzmW42qf
MD5:	874082B265651D732B1E8A97CE2517A6
SHA1:	EEE9A5B74FA1B59692E17A0420D989D3F82CBE2C
SHA-256:	7933FF01DB5BE57CA6677DAAAD6BF5009D38D294AB5AA5D998DE3BA47E89CA0E
SHA-512:	086C1AE8648EE00511C5F4FBC21122A0BCA45B62F4C0D8CC9AEEA147EBB0807A9C3B9EAE3145DFBC2666A8F80D2A80A7A4A04290ABEC496B5524D32A657C1FDE
Malicious:	false
Preview:	/! jQuery v1.9.1 \| (c) 2005, 2012 jQuery Foundation, Inc. \| jquery.org/license..//@ sourceMappingURL=jquery.min.map../(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d\.\|)\d+(?:[eE][+-]?\d+\|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]\|#([\w-]))$/,C=/^<(\w+)\s\/?>(?:<\/\1>\|)$/,k=/^[\],:{}\s]$/,E=/(?:^\|:\|,)(?:\s\[)+/g,S=/\\(?:["\\\/bfnrt]\|u[\da-fA-F]{4})/g,A=/"[^"\\\r\n]*"\|true\|false\|null\|-?(?:\d+\.\|)\d+(?:[eE][+-]?\d+\|)/g,j=/^-ms-/,D=/-([\da-z])/gi,L=function(e,t){return t.toUpperCase()},H=function(e){(o.addEventListener\|\|"load"===e.type\|\|"complete"===o.readyState)&&(q(),b.ready())},q=function(){o.addEventListener?(o.removeEventListener("DOMContentLoaded",H,!1),e.removeEventListener("load",H,!1)):(o.detachEvent("onreadystatechange",H),e.detachEvent("onload",

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\js\jquery.min.js (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with very long lines (32089), with CRLF line terminators
Category:	dropped
Size (bytes):	92635
Entropy (8bit):	5.304097832737613
Encrypted:	false
SSDEEP:	1536:pnu00HWWaRxkqJg09pYxoxDKLXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qz7rbaN1RUg:pdkWgoBecZRQzmW42qf
MD5:	874082B265651D732B1E8A97CE2517A6
SHA1:	EEE9A5B74FA1B59692E17A0420D989D3F82CBE2C
SHA-256:	7933FF01DB5BE57CA6677DAAAD6BF5009D38D294AB5AA5D998DE3BA47E89CA0E
SHA-512:	086C1AE8648EE00511C5F4FBC21122A0BCA45B62F4C0D8CC9AEEA147EBB0807A9C3B9EAE3145DFBC2666A8F80D2A80A7A4A04290ABEC496B5524D32A657C1FDE
Malicious:	false
Preview:	/! jQuery v1.9.1 \| (c) 2005, 2012 jQuery Foundation, Inc. \| jquery.org/license..//@ sourceMappingURL=jquery.min.map../(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d\.\|)\d+(?:[eE][+-]?\d+\|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]\|#([\w-]))$/,C=/^<(\w+)\s\/?>(?:<\/\1>\|)$/,k=/^[\],:{}\s]$/,E=/(?:^\|:\|,)(?:\s\[)+/g,S=/\\(?:["\\\/bfnrt]\|u[\da-fA-F]{4})/g,A=/"[^"\\\r\n]*"\|true\|false\|null\|-?(?:\d+\.\|)\d+(?:[eE][+-]?\d+\|)/g,j=/^-ms-/,D=/-([\da-z])/gi,L=function(e,t){return t.toUpperCase()},H=function(e){(o.addEventListener\|\|"load"===e.type\|\|"complete"===o.readyState)&&(q(),b.ready())},q=function(){o.addEventListener?(o.removeEventListener("DOMContentLoaded",H,!1),e.removeEventListener("load",H,!1)):(o.detachEvent("onreadystatechange",H),e.detachEvent("onload",

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\js\p5.js (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1809656
Entropy (8bit):	4.209663989639158
Encrypted:	false
SSDEEP:	3072:R23rm6ZJ2D+lXqBmp4u6gzgSmZwJSxT6Ycey7RtgigsL:K9t
MD5:	ACFBA1BAD17C2BC4DBAC9F78F326525E
SHA1:	EACA1E718802059FFC51F9944368268BBBBA265B
SHA-256:	DFB1A880DA3B66ECFCC7C95B1E3BE91E7A4C46DE268BC786AB0800D50EA5D380
SHA-512:	04E2D9D3EEE43B2921022A821C33082B890059267E0997DBE107CEBFDCA03F2DE8DB5578D0987D470936F7A9DF7F9B64CE2CF0108FEF43302F2A0438742F425F
Malicious:	false
Preview:	function readData() {.. var data = ..{..."PAjson": {...."Device": {....."Type": "AX3",....."Model": "17",....."ID": "12345",....."Firmware": "R36",....."Calibration": "0,0,0"....},...."Recording": {....."StartTime": "2000-14-10 12:34:56:789",....."StopTime": "2000-15-10 12:34:56:789",....."LocationSite": "wrist",....."LocationSide": "left",....."TimeZone": "GMT+1"....},...."Subject": {....."Code": "Participant1",....."DOB": "1981-14-10",....."Sex": "male",....."Heightcm": "183",....."Weightkg": "78",....."Handedness": "right",....."Notes": "Neque porro quisquam est qui dolorem"....},...."Study": {....."Centre": "Newcastle",....."Code": "Study #1",....."Investigator": "A Apple",....."ExerciseType": "Daily Living",....."ConfigOperator": "B Bannana",....."ConfigTime": "2000-14-10 00:00:00:000",....."ConfigNotes": "Ipsum quia dolor sit amet, consectetur"....},...."Extract": {....."Operator": "C Cherry",....."Time": "2000-16-10 12:34:56:789",....."Notes": "Lorem ipsum dolor sit amet, con

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\omconvert.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	213504
Entropy (8bit):	6.709248017183754
Encrypted:	false
SSDEEP:	6144:ZxGwK8gQiqm4NvHRZVJOqQ1EFO1VxkJlof0jFjzyYdsmSLfTN/oOuusrn4HJ:ZxGwK8gQiqm4NvHRZVJOqQ1EFO1VxkJ8
MD5:	D05718285DF704EED58EF4B1FE6761A0
SHA1:	4FA2A4F16B998C0F553EE6B57A780E39323E6A85
SHA-256:	E5FA5DE8F79FA702C8D2B1164D2E319CB6F597AD700EA9FF04D2273311505943
SHA-512:	C6F3F2C36FCBE0AA43124716D49D119399E8D1B0D6F61F2DE3A23B8775EE45E7DC5F304B90A0AAE51883E7F7928DB4A04ECCBCEF60EB46CC5B74DD3BD3229BF0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]q>*..Py..Py..Py...y..Py...y..Py...y..Py...y..Py.vSx..Py.vUx:.Py.vTx..Py.h.y..Py..Qyz.Py%wXx..Py%w.y..Py%wRx..PyRich..Py........................PE..L......[.................l..........A.............@.......................................@.....................................(....`.......................p..........p...............................@...............4............................text....k.......l.................. ..`.rdata...............p..............@..@.data........0......................@..._RDATA.......P......................@..@.rsrc........`.......$..............@..@.reloc.......p.......&..............@..B................................................................................................................................................................................................................................................

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\OmConvertPlugin\run-omconvert.cmd (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1400
Entropy (8bit):	5.326275339578517
Encrypted:	false
SSDEEP:	24:LLiOeidBLv0ZdCla1ONH2KNC2Ip1vv4lbS9q4HvUHH83HSaSlHlRB4L43bdD43aA:fiOeidB3y1wm88iaSvnJbMaA
MD5:	8F25B67F5F848AD2BF34B0E8465A683C
SHA1:	58B67E0D5A0A371B111D03FC45BD8D891CBF5878
SHA-256:	E60CACD6F47040008D07AA8BAF516D116420149E373FE8F23C9AFF4F157C903F
SHA-512:	EA48B245C95D3482EB97CC82AF6750D890CB46CBC2800EFB82EE289148175315FFFC75F200CC98C79B876AE2C14CE36E063B0CD05E77F799DD518A478A6E04B2
Malicious:	false
Preview:	@echo off..cd /d %~dp0....::: Check arguments..if "%~1"=="" goto ERROR_NO_SOURCE..rem if not "%~2"=="" goto ERROR_TOO_MANY_ARGS..if not exist "%~1" goto ERROR_SOURCE_NOT_FOUND..set INPUT=%~f1..set OUTPUT=%~dpn1....::: Choose a temporary output folder..set TEMPDIR=%TEMP%\CBR-%RANDOM%..mkdir "%TEMPDIR%"....::: Run the script..echo OMCONVERT: INPUT: %INPUT%..rem echo INPUT: %INPUT% 1>&2..echo OMCONVERT: OUTPUT: %OUTPUT%..rem echo OUTPUT: %OUTPUT% 1>&2..echo OMCONVERT: TEMPORARY: %TEMPDIR%..rem echo TEMPORARY: %TEMPDIR% 1>&2..echo OMCONVERT: Running: omconvert.exe "%INPUT%" "%TEMPDIR%"..if not exist omconvert.exe echo OMCONVERT: Executable not found.....if exist omconvert.exe omconvert.exe "%INPUT%" -out "%TEMPDIR%\file.wav" -svm-file "%TEMPDIR%\file.svm.csv" -wtv-file "%TEMPDIR%\file.wtv.csv" -paee-file "%TEMPDIR%\file.paee.csv"....::: Move files from the temporary folder..move "%TEMPDIR%\file.wav" "%OUTPUT%.wav" >nul..move "%TEMPDIR%\file.svm.csv" "%OUTPUT%.svm.csv" >nul..move "%TE

C:\Program Files (x86)\Open Movement\OM GUI\firmware\AX664_51.cmd (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	100
Entropy (8bit):	4.7796597855256095
Encrypted:	false
SSDEEP:	3:mKDDVBFFyvDvDAb+fRFUK2v9XVFoq98zNCIv:hevbDJXi9XVFoqqRCS
MD5:	AD509AD20E7A48AB060D8433483AD9B5
SHA1:	0E566D999A2CE33DCD6FCA3206E4D54A1EAD0A4C
SHA-256:	047AA251D846EE9179299A5591DBEE119D71DB4EA20F15D45CFCC338D0AB3695
SHA-512:	7F2CF5636B8138128F150681F3B4FA84F8355620435BB80233D7C9960A0C3EBFC47AF4B507D35EEE324E1F75E02E24D609C505BF35A63C4F5CD90731F41C6BA2
Malicious:	false
Preview:	@echo off..cd /d %~dp0..echo AX6 Bootload: %~n0..booter.exe -copy 0x3A800 8 -timeout 15 "%~n0.hex"..

C:\Program Files (x86)\Open Movement\OM GUI\firmware\AX664_51.hex (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	741679
Entropy (8bit):	3.3787652271328286
Encrypted:	false
SSDEEP:	12288:Pz13L3BiigW2i2uqhMSIY/hSsQLqwH/g+mgl6HOCZn:Pzaf
MD5:	BD5E717AEFD02037723B196D249CC183
SHA1:	8CB2BEB61F61984E0CBDBDE94E22089C7383AC84
SHA-256:	7A8946F7E2F96DBC2DED5C97B5558F4277BB26A47023A30F8B156F03F7CFCC22
SHA-512:	43D4A9661D92ACB584B03E2514B84D699430ED74E4D61DFF45C1B8CE066CE9CDB27C8BCA66C653BEC58AFF491D95BD57EBA066626B9E6618DC81EB08CB16AB64
Malicious:	false
Preview:	:020000040000fa..:0800000090350400000000002f..:020000040000fa..:1000080004300000083000000c3000001030000000..:1000180014300000183000001c30000020300000b0..:1000280024300000283000002c3000003030000060..:1000380034300000383000003c3000004030000010..:1000480044300000483000004c30000050300000c0..:1000580054300000583000005c3000006030000070..:1000680064300000683000006c3000007030000020..:1000780074300000783000007c30000080300000d0..:1000880084300000883000008c3000009030000080..:1000980094300000983000009c300000a030000030..:1000a800a4300000a8300000ac300000b0300000e0..:1000b800b4300000b8300000bc300000c030000090..:1000c800c4300000c8300000cc300000d030000040..:1000d800d4300000d8300000dc300000e0300000f0..:1000e800e4300000e8300000ec300000f0300000a0..:1000f800f4300000f8300000fc300000003100004f..:1001080004310000083100000c31000010310000fb..:1001180014310000183100001c31000020310000ab..:1001280024310000283100002c310000303100005b..:1001380034310000383100003c310000403100000b..:1001480044310000483100004c3100005031

C:\Program Files (x86)\Open Movement\OM GUI\firmware\CWA17_45.cmd (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	100
Entropy (8bit):	4.758242691024847
Encrypted:	false
SSDEEP:	3:mKDDVBFFyvkZAb+fRFUK2vOVPFt98zNCIv:hevgJXi6PPqRCS
MD5:	B3E5875611A7950F56A82EE3CD1E271B
SHA1:	52CDD253F4E142D4E834B359B2FFABE5C126DCAA
SHA-256:	7B87569B590F6D6E434638EB5242785F6F5A1EF98EB63ECF93FA8408BEC9CB42
SHA-512:	AA7034EBBD36BD064C4C18624B98F185EEA277EAE728CF33E4DD9451A439D37C5652D2440668C97669E8F77889AD7DFB263974BE01F1B8F1ADE8BC3E55EB0E5D
Malicious:	false
Preview:	@echo off..cd /d %~dp0..echo AX3 Bootload: %~n0..booter.exe -copy 0x2A000 8 -timeout 15 "%~n0.hex"..

C:\Program Files (x86)\Open Movement\OM GUI\firmware\CWA17_45.hex (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	334821
Entropy (8bit):	3.296637841715141
Encrypted:	false
SSDEEP:	1536:bS1CmtHqiix2BwOTY3+oG2FO6s7CdrUpaX9zNhREz3YEwE58ab2Us+HSOluMWX5w:/H89x6fZdZphcAUfgOAnAGQRl7
MD5:	32ADB156B64D4A3BF8EA9E521769C683
SHA1:	3E8D4C14296BD395AA84FE8CD311B3217E4553C0
SHA-256:	FBBE84FE5450F1D1BEC9A7B830FB2C0830E77EC19B85C4D1BAF7809B61FDC9E3
SHA-512:	38A1741EDB7283C3AF7142BA6A844A4FFA4459F53F61D56C9BEA31A4B8AA26DF05F4D6C04A387A3D48C8B31942A75CAC0D05D64C8770A1F02110D4B25EC379BE
Malicious:	false
Preview:	:020000040000fa..:080000001015040000000000cf..:020000040000fa..:102a20006fe522000e7f24000e01880000000000e8..:102a30000c00070040992e00010020001100070043..:102a4000000020000000e000020032000000020050..:102a500000000000e6ca0200000000000040da00aa..:102a60000000fe004440a900603021000000e000aa..:102a70000300320000002000a00188004440a800ac..:102a80000000060091018800800078000000eb0043..:102a900015003700e280400032a0b4009101ba0076..:102aa000e280400032a0b4009102ba00e28040000f..:102ab00032a0b4000002eb00472bde00f507b200a5..:102ac000602ce10004003a000059eb008301e900aa..:102ad000fdff3e00040037006128e10001003200e4..:102ae0000082eb00040007001101ba000200e000c0..:102af000e8ff3a00000006003159ba008301e900fe..:102b00000c0032002159ba008301e90008003200ac..:102b10000400e00003003a00e280400032a0b4006c..:102b2000f5ff370011d9ba008301e900faff3a0036..:102b30008100e800e180400032a0b40000000600ff..:102b400096f404000000000060fa04000000000099..:102b5000dcf9040000000000daf9040000000000c5..:102b6000ccf90400000000001efa04000000

C:\Program Files (x86)\Open Movement\OM GUI\firmware\CWA17_48.cmd (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	100
Entropy (8bit):	4.758242691024847
Encrypted:	false
SSDEEP:	3:mKDDVBFFyvkZAb+fRFUK2vOVPFt98zNCIv:hevgJXi6PPqRCS
MD5:	B3E5875611A7950F56A82EE3CD1E271B
SHA1:	52CDD253F4E142D4E834B359B2FFABE5C126DCAA
SHA-256:	7B87569B590F6D6E434638EB5242785F6F5A1EF98EB63ECF93FA8408BEC9CB42
SHA-512:	AA7034EBBD36BD064C4C18624B98F185EEA277EAE728CF33E4DD9451A439D37C5652D2440668C97669E8F77889AD7DFB263974BE01F1B8F1ADE8BC3E55EB0E5D
Malicious:	false
Preview:	@echo off..cd /d %~dp0..echo AX3 Bootload: %~n0..booter.exe -copy 0x2A000 8 -timeout 15 "%~n0.hex"..

C:\Program Files (x86)\Open Movement\OM GUI\firmware\CWA17_48.hex (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	337121
Entropy (8bit):	3.2902188223876294
Encrypted:	false
SSDEEP:	1536:yt54CmtVuiuZ21w/TgADOWzt8AuC/B8IImIIUIPv/MnQueAtc35pMXgrget6o+F3:cxzUk5QO3fkHqbUxd8JSb7
MD5:	79D2A921B36F8D8BA223C1693D1BFFBF
SHA1:	8E5A13D2D094A08A108A25C690C29F9637D6C124
SHA-256:	E482F652BDAC3396FC27BF75424206E2CBFC8F856593D8D764121C0BD820ED19
SHA-512:	E87B6975C11F1A7AC146E9EA2C20D10FB89EB379E992D85B7AF336672BB430C3424292DB5A8505CFEAECC4977D79C4E4028073F115BA6F5A8B228C365E1714A5
Malicious:	false
Preview:	:020000040000fa..:080000001015040000000000cf..:020000040000fa..:102a20000fe422000e7f24000e0188000000000049..:102a30000c000700c0a92e000100200011000700b3..:102a4000000020000000e000020032000000020050..:102a50000000000088cb0200000000000040da0007..:102a60000000fe004440a900a03121000000e00069..:102a70000300320000002000a00188004440a800ac..:102a80000000060091018800800078000000eb0043..:102a900015003700e280400032a0b4009101ba0076..:102aa000e280400032a0b4009102ba00e28040000f..:102ab00032a0b4000002eb00472bde00f507b200a5..:102ac000602ce10004003a000059eb008301e900aa..:102ad000fdff3e00040037006128e10001003200e4..:102ae0000082eb00040007001101ba000200e000c0..:102af000e8ff3a00000006003159ba008301e900fe..:102b00000c0032002159ba008301e90008003200ac..:102b10000400e00003003a00e280400032a0b4006c..:102b2000f5ff370011d9ba008301e900faff3a0036..:102b30008100e800e180400032a0b40000000600ff..:102b40008cf504000000000060fc040000000000a0..:102b5000dcfb040000000000dafb040000000000c1..:102b6000ccfb0400000000001efc04000000

C:\Program Files (x86)\Open Movement\OM GUI\firmware\booter.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	115200
Entropy (8bit):	6.4799426777001425
Encrypted:	false
SSDEEP:	3072:OZN2VprpIak+a4uTSnEFH+IkoSQMjP7e:CsPIBlmESQ0K
MD5:	162874F2AC02AE9D085356139523D079
SHA1:	52DABDCFF93FCC80C6A60AEB92C8E6D552557F78
SHA-256:	A9B24E41BA27B039E0E2C75A0EE5FCC837B8694DCCD130175A69DE3A84C0A8E0
SHA-512:	7B93C3D83E7F00C1B16314920EE18E09D7EE32B18F84EEF28AF268B1D02F2B3906EB206AE76FCB4126E436B59F6A19E000C16FEAD9DB2FD071E933721F018687
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2..yvn.vn.vn.{<eQn.{<[an.{<d.n....sn.vn..n.S.`rn.S.Xwn.{<_wn.S.Zwn.Richvn.................PE..L.....*T.................2...........Y.......P....@..........................0............@....................................<....................................Q..8...........................@...@............P..h............................text....1.......2.................. ..`.rdata...c...P...d...6..............@..@.data...h2..........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Open Movement\OM GUI\firmware\bootload.ini (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	Generic INItialization configuration [AX664]
Category:	dropped
Size (bytes):	935
Entropy (8bit):	5.133101727156174
Encrypted:	false
SSDEEP:	24:cPhJF/3LiRkFwYFy7Fqd6rupVPo2dk9yc:cJJxiR08S6ypVPldk0c
MD5:	56F0ECE0585EAE72AD15E40E21D1D2C2
SHA1:	E6D28934D8E754717DCBC98376D0B3DCFD4C7AA5
SHA-256:	79FE0C6E5783FAD4B04AE72AE35B3B56D9D74D182238A9E4E48AD4D7FF916F60
SHA-512:	87DE83E5A1D337E81F3D9A88D97CB880000BB1AFE3AEC4C10A49757FC02B2EE2BD658A8BE36C9FC93209A056855975DB1C4FA300C57947AAF163C85EC1D0800A
Malicious:	false
Preview:	; Bootload configuration file....; V36 base version..; V42 added Spansion NAND to whitelist, had incorrect optimizer setting (size)..; V44 fix for optimizer setting (speed)..; V45 added Micro NAND to whitelist..; V46 USB descriptors changed for Linux and Mac compatibility..; V47 removed main code pre-charge loop (retains bootloader pre-charge)..; V48 extended serial number from 16- to 32-bits....[CWA17].._version=CWA17_45.._executable=firmware\CWA17_45.cmd..CWA17_42=V42 is known to have a potential problem which can limit the recording duration...;CWA17_44=V44 is temporarily marked for upgrade just for debugging.....[AX664].._version=AX664_51.._executable=firmware\AX664_51.cmd..;AX664_10=V10 (internal) is out of date...;AX664_46=V46 (internal) is out of date...;AX664_47=V47 (internal) is out of date...;AX664_48=V48 (internal) is out of date...;AX664_49=V49 (internal) is out of date...;AX664_50=V50 (beta) is out of date...

C:\Program Files (x86)\Open Movement\OM GUI\firmware\is-7D4FL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	334821
Entropy (8bit):	3.296637841715141
Encrypted:	false
SSDEEP:	1536:bS1CmtHqiix2BwOTY3+oG2FO6s7CdrUpaX9zNhREz3YEwE58ab2Us+HSOluMWX5w:/H89x6fZdZphcAUfgOAnAGQRl7
MD5:	32ADB156B64D4A3BF8EA9E521769C683
SHA1:	3E8D4C14296BD395AA84FE8CD311B3217E4553C0
SHA-256:	FBBE84FE5450F1D1BEC9A7B830FB2C0830E77EC19B85C4D1BAF7809B61FDC9E3
SHA-512:	38A1741EDB7283C3AF7142BA6A844A4FFA4459F53F61D56C9BEA31A4B8AA26DF05F4D6C04A387A3D48C8B31942A75CAC0D05D64C8770A1F02110D4B25EC379BE
Malicious:	false
Preview:	:020000040000fa..:080000001015040000000000cf..:020000040000fa..:102a20006fe522000e7f24000e01880000000000e8..:102a30000c00070040992e00010020001100070043..:102a4000000020000000e000020032000000020050..:102a500000000000e6ca0200000000000040da00aa..:102a60000000fe004440a900603021000000e000aa..:102a70000300320000002000a00188004440a800ac..:102a80000000060091018800800078000000eb0043..:102a900015003700e280400032a0b4009101ba0076..:102aa000e280400032a0b4009102ba00e28040000f..:102ab00032a0b4000002eb00472bde00f507b200a5..:102ac000602ce10004003a000059eb008301e900aa..:102ad000fdff3e00040037006128e10001003200e4..:102ae0000082eb00040007001101ba000200e000c0..:102af000e8ff3a00000006003159ba008301e900fe..:102b00000c0032002159ba008301e90008003200ac..:102b10000400e00003003a00e280400032a0b4006c..:102b2000f5ff370011d9ba008301e900faff3a0036..:102b30008100e800e180400032a0b40000000600ff..:102b400096f404000000000060fa04000000000099..:102b5000dcf9040000000000daf9040000000000c5..:102b6000ccf90400000000001efa04000000

C:\Program Files (x86)\Open Movement\OM GUI\firmware\is-B3UKD.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	Generic INItialization configuration [AX664]
Category:	dropped
Size (bytes):	935
Entropy (8bit):	5.133101727156174
Encrypted:	false
SSDEEP:	24:cPhJF/3LiRkFwYFy7Fqd6rupVPo2dk9yc:cJJxiR08S6ypVPldk0c
MD5:	56F0ECE0585EAE72AD15E40E21D1D2C2
SHA1:	E6D28934D8E754717DCBC98376D0B3DCFD4C7AA5
SHA-256:	79FE0C6E5783FAD4B04AE72AE35B3B56D9D74D182238A9E4E48AD4D7FF916F60
SHA-512:	87DE83E5A1D337E81F3D9A88D97CB880000BB1AFE3AEC4C10A49757FC02B2EE2BD658A8BE36C9FC93209A056855975DB1C4FA300C57947AAF163C85EC1D0800A
Malicious:	false
Preview:	; Bootload configuration file....; V36 base version..; V42 added Spansion NAND to whitelist, had incorrect optimizer setting (size)..; V44 fix for optimizer setting (speed)..; V45 added Micro NAND to whitelist..; V46 USB descriptors changed for Linux and Mac compatibility..; V47 removed main code pre-charge loop (retains bootloader pre-charge)..; V48 extended serial number from 16- to 32-bits....[CWA17].._version=CWA17_45.._executable=firmware\CWA17_45.cmd..CWA17_42=V42 is known to have a potential problem which can limit the recording duration...;CWA17_44=V44 is temporarily marked for upgrade just for debugging.....[AX664].._version=AX664_51.._executable=firmware\AX664_51.cmd..;AX664_10=V10 (internal) is out of date...;AX664_46=V46 (internal) is out of date...;AX664_47=V47 (internal) is out of date...;AX664_48=V48 (internal) is out of date...;AX664_49=V49 (internal) is out of date...;AX664_50=V50 (beta) is out of date...

C:\Program Files (x86)\Open Movement\OM GUI\firmware\is-JQO0H.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	115200
Entropy (8bit):	6.4799426777001425
Encrypted:	false
SSDEEP:	3072:OZN2VprpIak+a4uTSnEFH+IkoSQMjP7e:CsPIBlmESQ0K
MD5:	162874F2AC02AE9D085356139523D079
SHA1:	52DABDCFF93FCC80C6A60AEB92C8E6D552557F78
SHA-256:	A9B24E41BA27B039E0E2C75A0EE5FCC837B8694DCCD130175A69DE3A84C0A8E0
SHA-512:	7B93C3D83E7F00C1B16314920EE18E09D7EE32B18F84EEF28AF268B1D02F2B3906EB206AE76FCB4126E436B59F6A19E000C16FEAD9DB2FD071E933721F018687
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2..yvn.vn.vn.{<eQn.{<[an.{<d.n....sn.vn..n.S.`rn.S.Xwn.{<_wn.S.Zwn.Richvn.................PE..L.....*T.................2...........Y.......P....@..........................0............@....................................<....................................Q..8...........................@...@............P..h............................text....1.......2.................. ..`.rdata...c...P...d...6..............@..@.data...h2..........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Open Movement\OM GUI\firmware\is-KKM6T.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	100
Entropy (8bit):	4.758242691024847
Encrypted:	false
SSDEEP:	3:mKDDVBFFyvkZAb+fRFUK2vOVPFt98zNCIv:hevgJXi6PPqRCS
MD5:	B3E5875611A7950F56A82EE3CD1E271B
SHA1:	52CDD253F4E142D4E834B359B2FFABE5C126DCAA
SHA-256:	7B87569B590F6D6E434638EB5242785F6F5A1EF98EB63ECF93FA8408BEC9CB42
SHA-512:	AA7034EBBD36BD064C4C18624B98F185EEA277EAE728CF33E4DD9451A439D37C5652D2440668C97669E8F77889AD7DFB263974BE01F1B8F1ADE8BC3E55EB0E5D
Malicious:	false
Preview:	@echo off..cd /d %~dp0..echo AX3 Bootload: %~n0..booter.exe -copy 0x2A000 8 -timeout 15 "%~n0.hex"..

C:\Program Files (x86)\Open Movement\OM GUI\firmware\is-KNPQK.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	741679
Entropy (8bit):	3.3787652271328286
Encrypted:	false
SSDEEP:	12288:Pz13L3BiigW2i2uqhMSIY/hSsQLqwH/g+mgl6HOCZn:Pzaf
MD5:	BD5E717AEFD02037723B196D249CC183
SHA1:	8CB2BEB61F61984E0CBDBDE94E22089C7383AC84
SHA-256:	7A8946F7E2F96DBC2DED5C97B5558F4277BB26A47023A30F8B156F03F7CFCC22
SHA-512:	43D4A9661D92ACB584B03E2514B84D699430ED74E4D61DFF45C1B8CE066CE9CDB27C8BCA66C653BEC58AFF491D95BD57EBA066626B9E6618DC81EB08CB16AB64
Malicious:	false
Preview:	:020000040000fa..:0800000090350400000000002f..:020000040000fa..:1000080004300000083000000c3000001030000000..:1000180014300000183000001c30000020300000b0..:1000280024300000283000002c3000003030000060..:1000380034300000383000003c3000004030000010..:1000480044300000483000004c30000050300000c0..:1000580054300000583000005c3000006030000070..:1000680064300000683000006c3000007030000020..:1000780074300000783000007c30000080300000d0..:1000880084300000883000008c3000009030000080..:1000980094300000983000009c300000a030000030..:1000a800a4300000a8300000ac300000b0300000e0..:1000b800b4300000b8300000bc300000c030000090..:1000c800c4300000c8300000cc300000d030000040..:1000d800d4300000d8300000dc300000e0300000f0..:1000e800e4300000e8300000ec300000f0300000a0..:1000f800f4300000f8300000fc300000003100004f..:1001080004310000083100000c31000010310000fb..:1001180014310000183100001c31000020310000ab..:1001280024310000283100002c310000303100005b..:1001380034310000383100003c310000403100000b..:1001480044310000483100004c3100005031

C:\Program Files (x86)\Open Movement\OM GUI\firmware\is-PJDMG.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	100
Entropy (8bit):	4.7796597855256095
Encrypted:	false
SSDEEP:	3:mKDDVBFFyvDvDAb+fRFUK2v9XVFoq98zNCIv:hevbDJXi9XVFoqqRCS
MD5:	AD509AD20E7A48AB060D8433483AD9B5
SHA1:	0E566D999A2CE33DCD6FCA3206E4D54A1EAD0A4C
SHA-256:	047AA251D846EE9179299A5591DBEE119D71DB4EA20F15D45CFCC338D0AB3695
SHA-512:	7F2CF5636B8138128F150681F3B4FA84F8355620435BB80233D7C9960A0C3EBFC47AF4B507D35EEE324E1F75E02E24D609C505BF35A63C4F5CD90731F41C6BA2
Malicious:	false
Preview:	@echo off..cd /d %~dp0..echo AX6 Bootload: %~n0..booter.exe -copy 0x3A800 8 -timeout 15 "%~n0.hex"..

C:\Program Files (x86)\Open Movement\OM GUI\firmware\is-PKDOH.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	337121
Entropy (8bit):	3.2902188223876294
Encrypted:	false
SSDEEP:	1536:yt54CmtVuiuZ21w/TgADOWzt8AuC/B8IImIIUIPv/MnQueAtc35pMXgrget6o+F3:cxzUk5QO3fkHqbUxd8JSb7
MD5:	79D2A921B36F8D8BA223C1693D1BFFBF
SHA1:	8E5A13D2D094A08A108A25C690C29F9637D6C124
SHA-256:	E482F652BDAC3396FC27BF75424206E2CBFC8F856593D8D764121C0BD820ED19
SHA-512:	E87B6975C11F1A7AC146E9EA2C20D10FB89EB379E992D85B7AF336672BB430C3424292DB5A8505CFEAECC4977D79C4E4028073F115BA6F5A8B228C365E1714A5
Malicious:	false
Preview:	:020000040000fa..:080000001015040000000000cf..:020000040000fa..:102a20000fe422000e7f24000e0188000000000049..:102a30000c000700c0a92e000100200011000700b3..:102a4000000020000000e000020032000000020050..:102a50000000000088cb0200000000000040da0007..:102a60000000fe004440a900a03121000000e00069..:102a70000300320000002000a00188004440a800ac..:102a80000000060091018800800078000000eb0043..:102a900015003700e280400032a0b4009101ba0076..:102aa000e280400032a0b4009102ba00e28040000f..:102ab00032a0b4000002eb00472bde00f507b200a5..:102ac000602ce10004003a000059eb008301e900aa..:102ad000fdff3e00040037006128e10001003200e4..:102ae0000082eb00040007001101ba000200e000c0..:102af000e8ff3a00000006003159ba008301e900fe..:102b00000c0032002159ba008301e90008003200ac..:102b10000400e00003003a00e280400032a0b4006c..:102b2000f5ff370011d9ba008301e900faff3a0036..:102b30008100e800e180400032a0b40000000600ff..:102b40008cf504000000000060fc040000000000a0..:102b5000dcfb040000000000dafb040000000000c1..:102b6000ccfb0400000000001efc04000000

C:\Program Files (x86)\Open Movement\OM GUI\firmware\is-TJDOP.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	100
Entropy (8bit):	4.758242691024847
Encrypted:	false
SSDEEP:	3:mKDDVBFFyvkZAb+fRFUK2vOVPFt98zNCIv:hevgJXi6PPqRCS
MD5:	B3E5875611A7950F56A82EE3CD1E271B
SHA1:	52CDD253F4E142D4E834B359B2FFABE5C126DCAA
SHA-256:	7B87569B590F6D6E434638EB5242785F6F5A1EF98EB63ECF93FA8408BEC9CB42
SHA-512:	AA7034EBBD36BD064C4C18624B98F185EEA277EAE728CF33E4DD9451A439D37C5652D2440668C97669E8F77889AD7DFB263974BE01F1B8F1ADE8BC3E55EB0E5D
Malicious:	false
Preview:	@echo off..cd /d %~dp0..echo AX3 Bootload: %~n0..booter.exe -copy 0x2A000 8 -timeout 15 "%~n0.hex"..

C:\Program Files (x86)\Open Movement\OM GUI\is-6J897.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	30720
Entropy (8bit):	5.561090262634769
Encrypted:	false
SSDEEP:	768:G9ivcgdQIeVAOrajN/ccIjOBHaHi6ej0hQ:G9ikgd0Vt+h8FC6eYhQ
MD5:	5083DA882E58C045E46391E8AC35456F
SHA1:	9EAE2AA46772286D5ABA504009ED0492031BC102
SHA-256:	BB2B868D313942BAFEDF896F19C7BE8CA91725A44C29E916DB8FBFB837087EE2
SHA-512:	1CE7025532A3E98FD420A5EAF5BC0E2BCCCB1141AD803C01F8D286805029932DB41EDDDAFAF97FC6300061D6570980E4F79B219E89D3FD25DD6337923F63D304
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H`c...........!..0..n..........n.... ........... ....................................@.....................................O................................................................................... ............... ..H............text...tm... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B................P.......H........:...Q..........................................................^~....-.s.........~.....0...........s....}.....s....}.....(............s......}.......{....(.......{....~....(....&........s......}.......{....(.......{....~....(....&.l(....r...p(............s......}.......{....(.......{....~....(?...&...0............(.......(........................"..(........0..F........{....-=.&(....&...{....,....{....(.......{....,....{....(......}....F.(G...,...s....z.0..X...

C:\Program Files (x86)\Open Movement\OM GUI\is-8ADIG.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	930090
Entropy (8bit):	7.977011759378819
Encrypted:	false
SSDEEP:	24576:5naARrEWuWdE8cb6IcDVPK6O8XwYJGQJxkTC:5a978y6bDVPKkZh
MD5:	0ABD9CF2D191036D778F6F1FBE25FAE1
SHA1:	89D8721A34C9DD33DBE3E84D88CF74E7B5C48499
SHA-256:	8274A7E0259278A1CE04260115E6C96AD0917A37971E8CA58ABEEB6D92AB2615
SHA-512:	17BDA1DE1606B554C7030E5210DD97148AE20819CAFC1B142721937D5C9784F3FF1E735E31BB608DEF81F0352A0A59CF6843617F2B802EAA11933086D954B8A5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................F......@.............@..........................@...................@..............................P........,..........................................................................................................CODE....d........................... ..`DATA....L...........................@...BSS.....L................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc....,.......,..................@..P.............@......................@..P........................................................................................................................................

C:\Program Files (x86)\Open Movement\OM GUI\is-ERDIK.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	MS Windows icon resource - 12 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
Category:	dropped
Size (bytes):	29926
Entropy (8bit):	5.218447102517391
Encrypted:	false
SSDEEP:	384:+nBHx5lVcxQSv2Kf9KKUnuA8YQV/xCs3gKJZAUL4p1zKX311o6C:6B7tSUKUuA8YQVpCs3ggSS4p1zq11TC
MD5:	875539C4A4049BDD4D3AB2A7C7499438
SHA1:	8F3155CA9A39CCCD0620894BFF19DB0E44DEB742
SHA-256:	CAAAF43617BA6F896E7347CC239CE95BC5CA2CF31DAE225B827371DD71D3FEB2
SHA-512:	6EA74CB7011E2291015704E258C03FEAC75CE20B8B6FD8F0C60684A77D0488D5D80834DA24A07E8F8EC4AB90F32B4FDD734C7F8259F56273EBE17E0B8A06A204
Malicious:	false
Preview:	......00......h....... ......................................(.......00..........&... ..........................v$..........h...>+..00.... ..%...0.. .... .....NV........ ......f........ .h...~p..(...0...`.................................................................................................................................................................................................................................................................................x............................................{x..x.....................{x....................w{......................;y.{x...................y.{.............................................sx.{....................;{w.{....................{{77......................w.7s..................{{z..3{.....................z.sx..................{.....................{{..z...p................w......................w......z.p.................x.....x..............{xx...z.zz..............x..x....................s.....;.j{`.......

C:\Program Files (x86)\Open Movement\OM GUI\is-KHHI7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	206848
Entropy (8bit):	6.617501453617938
Encrypted:	false
SSDEEP:	6144:McgtGETY7RhzLkLS8smeiOe/Tg18j/zyC:sTYzzLkLSmeiL/Tk8zGC
MD5:	5B075AE6C4F10D56EF8D6A8B275DC3ED
SHA1:	F3159D2A45C7373A790CB118B0D534F53DF18333
SHA-256:	7B87B238F6AB12DE618BF86EC10B71481E30529EA6F06A102C004BEBD488DE02
SHA-512:	4B50E32D484D3A0894192E6137AC96C99BAABEE4B49DAC6E442B1963AA7517E2D4BF75FCBC781A0C8BFE300FDAD77B4A376BE3528CA0E63B51959DFB1151E99C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........r..!..!..!h.r!..!h.p!D..!h.q!..!B+D!..!.. ..!.. ..!.. ...!...!..!...!..!..!...!y. ..!y. ..!y.\|!..!y. ..!Rich..!........PE..L....H`c...........!.....Z..........;........p...............................`............@.........................`...t............0.......................@..........p...........................0...@............p..H............................text....Y.......Z.................. ..`.rdata..\....p.......^..............@..@.data...............................@....rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Open Movement\OM GUI\is-OG2TD.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3227197
Entropy (8bit):	6.289855362233436
Encrypted:	false
SSDEEP:	49152:+dx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjK333yD:/HDYsqiPRhINnq95FoHVBK3338
MD5:	B507E2C856B2EE24E3E2142B831E0B9F
SHA1:	44CA805FCF65745FAA403F35E61FBFB7DAEEE850
SHA-256:	F827E6209A340544E4986DA98747AC822D52F88A6C7811872DDC2E3CCB4D3E72
SHA-512:	B96644A7FEDAD50244FFC25D77DE0527980A350E60B9D9B24372838B19D983A890E189A01A6ADECEDE6B0940AA611C7EE8A7D623CC1264DBAB01C513B7D3E59B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...oGXb.................B,.........`V,......`,...@...........................1...........@......@....................-.......-..9............................................................-.......................-.......-......................text.....,.......,................. ..`.itext...(...0,..*....,............. ..`.data........`,......F,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-...... -.............@..@.rsrc................"-.............@..@..............1.......0.............@..@........................................................

C:\Program Files (x86)\Open Movement\OM GUI\is-RR9DL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1641984
Entropy (8bit):	7.012562124222005
Encrypted:	false
SSDEEP:	49152:s+4PCNQWsNQWsNQWsNQWsNQWsNQWh4NQW:sMuuuuuU
MD5:	12FEEE099449453BA386F8FBA6C72090
SHA1:	4BE776CF3F768BAD8F10CA885227494972CBCEBE
SHA-256:	E96445F1DEA2B0B630ADE704C5C478C0E50A71645473F11297FE7DED2D9F9197
SHA-512:	E21262C048DAA24BDAEF0F08D544CE06ADE5DF32D99D8D1967F76984AA8ED3780B8E8E03F2C0FE873D578BC52AA0A49F5A814D4B6146BCE13BC65CEEBEE6F95E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...2H`c..............0......~........... ........@.. .......................`............@.....................................O.......8{...................@......t................................................ ............... ..H............text...\.... ...................... ..`.rsrc...8{.......\|..................@..@.reloc.......@......................@..B.......................H.......0>...;...........y...0............................................( ....0...........(.......(......................0..........~!.....~!.....i......~!.....o......-}...I...("...(#...tI...}....~!............($...-....J...("...(#...tJ...}....~!............($...-....K...("...(#...tK...}.......0..............7.....~....}........Yn(%...}.......}........Yn(%...}.......}...... .@. (&... ...._-..+. ...@`(&... ...._-..+. ....`}........('.....((...s....}.......}.......o....&*

C:\Program Files (x86)\Open Movement\OM GUI\libomapi.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	206848
Entropy (8bit):	6.617501453617938
Encrypted:	false
SSDEEP:	6144:McgtGETY7RhzLkLS8smeiOe/Tg18j/zyC:sTYzzLkLSmeiL/Tk8zGC
MD5:	5B075AE6C4F10D56EF8D6A8B275DC3ED
SHA1:	F3159D2A45C7373A790CB118B0D534F53DF18333
SHA-256:	7B87B238F6AB12DE618BF86EC10B71481E30529EA6F06A102C004BEBD488DE02
SHA-512:	4B50E32D484D3A0894192E6137AC96C99BAABEE4B49DAC6E442B1963AA7517E2D4BF75FCBC781A0C8BFE300FDAD77B4A376BE3528CA0E63B51959DFB1151E99C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........r..!..!..!h.r!..!h.p!D..!h.q!..!B+D!..!.. ..!.. ..!.. ...!...!..!...!..!..!...!y. ..!y. ..!y.\|!..!y. ..!Rich..!........PE..L....H`c...........!.....Z..........;........p...............................`............@.........................`...t............0.......................@..........p...........................0...@............p..H............................text....Y.......Z.................. ..`.rdata..\....p.......^..............@..@.data...............................@....rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	930090
Entropy (8bit):	7.977011759378819
Encrypted:	false
SSDEEP:	24576:5naARrEWuWdE8cb6IcDVPK6O8XwYJGQJxkTC:5a978y6bDVPKkZh
MD5:	0ABD9CF2D191036D778F6F1FBE25FAE1
SHA1:	89D8721A34C9DD33DBE3E84D88CF74E7B5C48499
SHA-256:	8274A7E0259278A1CE04260115E6C96AD0917A37971E8CA58ABEEB6D92AB2615
SHA-512:	17BDA1DE1606B554C7030E5210DD97148AE20819CAFC1B142721937D5C9784F3FF1E735E31BB608DEF81F0352A0A59CF6843617F2B802EAA11933086D954B8A5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................F......@.............@..........................@...................@..............................P........,..........................................................................................................CODE....d........................... ..`DATA....L...........................@...BSS.....L................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc....,.......,..................@..P.............@......................@..P........................................................................................................................................

C:\Program Files (x86)\Open Movement\OM GUI\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	InnoSetup Log OmGui {8CDD410D-4556-4A8A-BF86-D67276A10EA5}, version 0x418, 26611 bytes, 675052\37\user\376, C:\Program Files (x86)\Open Movement\OM GU
Category:	dropped
Size (bytes):	26611
Entropy (8bit):	3.675841048999303
Encrypted:	false
SSDEEP:	768:uVqDfb0HaQv/4pnYyS3z3M8JiIXerbFgxJOZ8FDFFVdpsZwVSpoZR9KV0pHZ2ZqN:ug0HaQv/4pnYyS3z3M8JiIXerbFgxJO6
MD5:	5BD37EBE3C4441756A90033800E8C211
SHA1:	4294FB61F52AD9A4E09B9B843AD6513BF29031FB
SHA-256:	0EE0FBD683D211C07A042AFB09F3369480002343A0BE7715A7F45BDD4C06AF68
SHA-512:	49D55CC5C7D41E828C957B81814F65DA18B76D72504CE16FBAE83A5CB1AC50E552295DE2CB706A779894D2FD8CD7B7B76283EBA8643C6221DEA603D3DFC7A581
Malicious:	false
Preview:	Inno Setup Uninstall Log (b)....................................{8CDD410D-4556-4A8A-BF86-D67276A10EA5}..........................................................................................OmGui...............................................................................................................................r....g...................................................................................................................C@..........S.................6.7.5.0.5.2......n.o.r.d.i......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.O.p.e.n. .M.o.v.e.m.e.n.t.\.O.M. .G.U.I................/.1.... .....8........IFPS....#........................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM.........TMSGBOXTYPE.........TEXECWAIT.....I

C:\Program Files (x86)\Open Movement\OM GUI\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3227197
Entropy (8bit):	6.289855362233436
Encrypted:	false
SSDEEP:	49152:+dx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjK333yD:/HDYsqiPRhINnq95FoHVBK3338
MD5:	B507E2C856B2EE24E3E2142B831E0B9F
SHA1:	44CA805FCF65745FAA403F35E61FBFB7DAEEE850
SHA-256:	F827E6209A340544E4986DA98747AC822D52F88A6C7811872DDC2E3CCB4D3E72
SHA-512:	B96644A7FEDAD50244FFC25D77DE0527980A350E60B9D9B24372838B19D983A890E189A01A6ADECEDE6B0940AA611C7EE8A7D623CC1264DBAB01C513B7D3E59B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...oGXb.................B,.........`V,......`,...@...........................1...........@......@....................-.......-..9............................................................-.......................-.......-......................text.....,.......,................. ..`.itext...(...0,..*....,............. ..`.data........`,......F,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-...... -.............@..@.rsrc................"-.............@..@..............1.......0.............@..@........................................................

C:\Program Files (x86)\Open Movement\OM GUI\uninstall.ico (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	MS Windows icon resource - 12 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
Category:	dropped
Size (bytes):	29926
Entropy (8bit):	5.218447102517391
Encrypted:	false
SSDEEP:	384:+nBHx5lVcxQSv2Kf9KKUnuA8YQV/xCs3gKJZAUL4p1zKX311o6C:6B7tSUKUuA8YQVpCs3ggSS4p1zq11TC
MD5:	875539C4A4049BDD4D3AB2A7C7499438
SHA1:	8F3155CA9A39CCCD0620894BFF19DB0E44DEB742
SHA-256:	CAAAF43617BA6F896E7347CC239CE95BC5CA2CF31DAE225B827371DD71D3FEB2
SHA-512:	6EA74CB7011E2291015704E258C03FEAC75CE20B8B6FD8F0C60684A77D0488D5D80834DA24A07E8F8EC4AB90F32B4FDD734C7F8259F56273EBE17E0B8A06A204
Malicious:	false
Preview:	......00......h....... ......................................(.......00..........&... ..........................v$..........h...>+..00.... ..%...0.. .... .....NV........ ......f........ .h...~p..(...0...`.................................................................................................................................................................................................................................................................................x............................................{x..x.....................{x....................w{......................;y.{x...................y.{.............................................sx.{....................;{w.{....................{{77......................w.7s..................{{z..3{.....................z.sx..................{.....................{{..z...p................w......................w......z.p.................x.....x..............{xx...z.zz..............x..x....................s.....;.j{`.......

C:\Program Files\AX3-Driver\dpinst32.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	921992
Entropy (8bit):	5.698587665358091
Encrypted:	false
SSDEEP:	6144:EZtaKSpwmx5ATm/LC3fwf3OoU9xkYSr/mdBTRhKWIjsRP/1HHm/hHAM8i6r+LyIU:EZxSpwmxvL/f3vCN1PMaLi6rAyIQjF
MD5:	30A0AFEE4AEA59772DB6434F1C0511AB
SHA1:	5D5C2D9B7736E018D2B36963E834D1AA0E32AF09
SHA-256:	D84149976BC94A21B21AA0BC99FCBDEE9D1AD4F3387D8B62B90F805AC300BA05
SHA-512:	5E8A85E2D028AD351BE255AE2C39BB518A10A4A467FD656E2472286FEE504EED87AFE7D4A728D7F8BC4261245C1DB8577DEEEE2388F39EB7EE48298E37949F53
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p..o4..<4..<4..<=.`<"..<=.v<...<=.f<)..<4..<@..<=.q<o..<=.a<5..<=.d<5..<Rich4..<................PE..L......J................. ..........j........0...............................0......p.....@...... ..............................,....p..lY......................XC...................................=..@...............L............................text............ .................. ..`.data...`>...0.......$..............@....rsrc....`...p...Z...<..............@..@.reloc..._.......`..................@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\AX3-Driver\dpinst64.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1050104
Entropy (8bit):	5.617498652730841
Encrypted:	false
SSDEEP:	12288:uIId79EaUTvwieMozMEcOigSpuPMaLium:xIdqaWw1MsbTScP0
MD5:	BE3C79033FA8302002D9D3A6752F2263
SHA1:	A01147731F2E500282ECA5ECE149BCC5423B59D6
SHA-256:	181BF85D3B5900FF8ABED34BC415AFC37FC322D9D7702E14D144F96A908F5CAB
SHA-512:	77097F220CC6D22112B314D3E42B6EEDB9CCD72BEB655B34656326C2C63FB9209977DDAC20E9C53C4EC7CCC8EA6910F400F050F4B0CB98C9F42F89617965AAEA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g9I.#X'.#X'.#X'.* ..!X'.* ..7X'.* ..<X'.#X&.Y'.* ..fX'.* ...X'...Y."X'.* .."X'.* .."X'.Rich#X'.................PE..d......J..........".......................................................................@.......... ......................................H...@.......pY...0..\m.......%...........................................................................................text............................... ..`.data... ...........................@....pdata..\m...0...n..................@..@.rsrc....`.......Z...v..............@..@.reloc..<...........................@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files\AX3-Driver\is-1AU9V.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	715038
Entropy (8bit):	6.506108541840392
Encrypted:	false
SSDEEP:	12288:RRObekMtkfohrPUs37uzHnA6zgpKq35eERXprNrHIR3+j1vGgZpDExycl:LObekYkfohrP337uzHnA6cgqpeEFHR9+
MD5:	4E28A215B82F587828879C6B4252617E
SHA1:	7AE5C9C4816AA1E1B2F112D25167E39C6F2F24C8
SHA-256:	8AB70A2820EF47EF5D97AE7B4F41FA9F4FAB3C4273893E8A0908A36FD0DD8F13
SHA-512:	97AD579FFCB7D11B5CB1F1EB9FCAEA83F889E504C187592424381980F9B951B928091B8E587979B9CB68A2BE4A01D7B757D616A667BE7D651F6846AD4341C0CE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f..........pr............@..............................................@...............................%..................................................................................................................CODE.....d.......f.................. ..`DATA.................j..............@...BSS..................\|...................idata...%.......&...\|..............@....tls.....................................rdata..............................@..P.reloc.............................@..P.rsrc...............................@..P.....................J..............@..P........................................................................................................................................

C:\Program Files\AX3-Driver\is-GKB03.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	921992
Entropy (8bit):	5.698587665358091
Encrypted:	false
SSDEEP:	6144:EZtaKSpwmx5ATm/LC3fwf3OoU9xkYSr/mdBTRhKWIjsRP/1HHm/hHAM8i6r+LyIU:EZxSpwmxvL/f3vCN1PMaLi6rAyIQjF
MD5:	30A0AFEE4AEA59772DB6434F1C0511AB
SHA1:	5D5C2D9B7736E018D2B36963E834D1AA0E32AF09
SHA-256:	D84149976BC94A21B21AA0BC99FCBDEE9D1AD4F3387D8B62B90F805AC300BA05
SHA-512:	5E8A85E2D028AD351BE255AE2C39BB518A10A4A467FD656E2472286FEE504EED87AFE7D4A728D7F8BC4261245C1DB8577DEEEE2388F39EB7EE48298E37949F53
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p..o4..<4..<4..<=.`<"..<=.v<...<=.f<)..<4..<@..<=.q<o..<=.a<5..<=.d<5..<Rich4..<................PE..L......J................. ..........j........0...............................0......p.....@...... ..............................,....p..lY......................XC...................................=..@...............L............................text............ .................. ..`.data...`>...0.......$..............@....rsrc....`...p...Z...<..............@..@.reloc..._.......`..................@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\AX3-Driver\is-HV6IN.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	3468
Entropy (8bit):	5.026026054397683
Encrypted:	false
SSDEEP:	48:IfDVHdohChj9ISWF4h33bAcyIi03O4h33VAcyHUb6RZSi02CZ4NfFnf19T:ADN+0gSDhHFy/0xhH/yO6XSitNfB19T
MD5:	CCC987FA45B80FCD65BAB524EB913371
SHA1:	65AAB45EEEB0C8388DDEC4C9CE6983BB4E21967F
SHA-256:	F55FAFACB061FF437B7B616989027993A2F8EB7D9E641F4BC3B8FBDB75912C41
SHA-512:	E196455FB122DB0ACC249250527A343E35E35B0613D94C9113F967D5967F3BAC07B9DCF7625BC1B0D24F7B85ACA2196295A083D6BC75D65875B6D70C3D6393BF
Malicious:	false
Preview:	..; Microchip Composite Device MSD+CDC..; This driver is required only by the CDC part of a composite device. ..; The MSD part does not require any driver...;..;..; Copyright (c) 2000 Microsoft Corporation..; Copyright (C) 2007 Microchip Technology Inc.....[Version] ..Signature="$Windows NT$" ..Class=Ports..ClassGuid={4D36E978-E325-11CE-BFC1-08002BE10318} ..Provider=%MFGNAME% ..LayoutFile=layout.inf..CatalogFile=mchp_MSD_CDC.cat..DriverVer=03/12/2010,5.1.2600.2....[Manufacturer] ..%MFGNAME%=DeviceList, NTamd64....[DestinationDirs] ..DefaultDestDir=12 ......;------------------------------------------------------------------------------..; Windows 2000/XP/Vista/7-32bit Sections..;------------------------------------------------------------------------------....[DriverInstall.nt] ..include=mdmcpq.inf..CopyFiles=DriverCopyFiles.nt..AddReg=DriverInstall.nt.AddReg ....[DriverCopyFiles.nt]..usbser.sys,,,0x20....[DriverInstall.nt.AddReg] ..HKR,,DevLoader,,*ntkern ..HKR,,NTMPDriver,,%DRIVERFIL

C:\Program Files\AX3-Driver\is-IA9T3.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1050104
Entropy (8bit):	5.617498652730841
Encrypted:	false
SSDEEP:	12288:uIId79EaUTvwieMozMEcOigSpuPMaLium:xIdqaWw1MsbTScP0
MD5:	BE3C79033FA8302002D9D3A6752F2263
SHA1:	A01147731F2E500282ECA5ECE149BCC5423B59D6
SHA-256:	181BF85D3B5900FF8ABED34BC415AFC37FC322D9D7702E14D144F96A908F5CAB
SHA-512:	77097F220CC6D22112B314D3E42B6EEDB9CCD72BEB655B34656326C2C63FB9209977DDAC20E9C53C4EC7CCC8EA6910F400F050F4B0CB98C9F42F89617965AAEA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g9I.#X'.#X'.#X'.* ..!X'.* ..7X'.* ..<X'.#X&.Y'.* ..fX'.* ...X'...Y."X'.* .."X'.* .."X'.Rich#X'.................PE..d......J..........".......................................................................@.......... ......................................H...@.......pY...0..\m.......%...........................................................................................text............................... ..`.data... ...........................@....pdata..\m...0...n..................@..@.rsrc....`.......Z...v..............@..@.reloc..<...........................@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files\AX3-Driver\is-J7GAN.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp
File Type:	data
Category:	dropped
Size (bytes):	6348
Entropy (8bit):	7.054306729661913
Encrypted:	false
SSDEEP:	192:9TAEOwPKDyowJL/8Qpkqs1INID+ebCfMFJ:FSwyYJLu11VbCUJ
MD5:	8BE6BB8DC016993546D42E7DE1B9B050
SHA1:	B0BCB2A49C2C94044835868516C7C74DAD3F0344
SHA-256:	52C1051AC76AFE162DA3D764BF4C44E25D6D565D070BAADF7E638A563C37B04E
SHA-512:	47FCBA277BBE3E21DB144AD54A6315750E475E7264366D7AA89EAF24BB99C72BD066EE0C7838BA4DE8780761AA2B9BF8C64D4B764C84E68BC44FFED5E6F5741C
Malicious:	false
Preview:	0.....*.H..........0......1.0...+......0.....+.....7......0...0...+.....7.....P.d-&k.H.4^.[.....100313001938Z0...+.....7.....0...0....R6.5.A.A.B.4.5.E.E.E.B.0.C.8.3.8.8.D.D.E.C.4.C.9.C.E.6.9.8.3.B.B.4.E.2.1.9.6.7.F...1..s0D..+.....7...1604...F.i.l.e......."m.c.h.p._.m.s.d._.c.d.c...i.n.f...0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........e..^..8.....i..N!..0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0d..+.....7...1V0T...O.S.A.t.t.r.......>2.:.5...0.0.,.2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.......0...0.....+.....7......0.....O.S.........2.0.0.0.,.X.P.X.8.6.,.X.P.X.6.4.,.S.e.r.v.e.r.2.0.0.3.X.8.6.,.S.e.r.v.e.r.2.0.0.3.X.6.4.,.V.i.s.t.a.X.8.6.,.V.i.s.t.a.X.6.4.,.S.e.r.v.e.r.2.0.0.8.X.8.6.,.S.e.r.v.e.r.2.0.0.8.X.6.4.,.7.X.8.6.,.7.X.6.4.,.S.e.r.v.e.r.2.0.0.8.R.2.X.6.4...0P..+.....7....B0@...H.W.I.D.2.......,u.s.b.\.v.i.d._.0.4.d.8.&.p.i.d._.0.0.0.a...0\..+.....7....N0L...H.W.I.D.1.......8u.s.b.\.v

C:\Program Files\AX3-Driver\mchp_MSD_CDC.inf (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	3468
Entropy (8bit):	5.026026054397683
Encrypted:	false
SSDEEP:	48:IfDVHdohChj9ISWF4h33bAcyIi03O4h33VAcyHUb6RZSi02CZ4NfFnf19T:ADN+0gSDhHFy/0xhH/yO6XSitNfB19T
MD5:	CCC987FA45B80FCD65BAB524EB913371
SHA1:	65AAB45EEEB0C8388DDEC4C9CE6983BB4E21967F
SHA-256:	F55FAFACB061FF437B7B616989027993A2F8EB7D9E641F4BC3B8FBDB75912C41
SHA-512:	E196455FB122DB0ACC249250527A343E35E35B0613D94C9113F967D5967F3BAC07B9DCF7625BC1B0D24F7B85ACA2196295A083D6BC75D65875B6D70C3D6393BF
Malicious:	false
Preview:	..; Microchip Composite Device MSD+CDC..; This driver is required only by the CDC part of a composite device. ..; The MSD part does not require any driver...;..;..; Copyright (c) 2000 Microsoft Corporation..; Copyright (C) 2007 Microchip Technology Inc.....[Version] ..Signature="$Windows NT$" ..Class=Ports..ClassGuid={4D36E978-E325-11CE-BFC1-08002BE10318} ..Provider=%MFGNAME% ..LayoutFile=layout.inf..CatalogFile=mchp_MSD_CDC.cat..DriverVer=03/12/2010,5.1.2600.2....[Manufacturer] ..%MFGNAME%=DeviceList, NTamd64....[DestinationDirs] ..DefaultDestDir=12 ......;------------------------------------------------------------------------------..; Windows 2000/XP/Vista/7-32bit Sections..;------------------------------------------------------------------------------....[DriverInstall.nt] ..include=mdmcpq.inf..CopyFiles=DriverCopyFiles.nt..AddReg=DriverInstall.nt.AddReg ....[DriverCopyFiles.nt]..usbser.sys,,,0x20....[DriverInstall.nt.AddReg] ..HKR,,DevLoader,,*ntkern ..HKR,,NTMPDriver,,%DRIVERFIL

C:\Program Files\AX3-Driver\mchp_msd_cdc.cat (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp
File Type:	data
Category:	dropped
Size (bytes):	6348
Entropy (8bit):	7.054306729661913
Encrypted:	false
SSDEEP:	192:9TAEOwPKDyowJL/8Qpkqs1INID+ebCfMFJ:FSwyYJLu11VbCUJ
MD5:	8BE6BB8DC016993546D42E7DE1B9B050
SHA1:	B0BCB2A49C2C94044835868516C7C74DAD3F0344
SHA-256:	52C1051AC76AFE162DA3D764BF4C44E25D6D565D070BAADF7E638A563C37B04E
SHA-512:	47FCBA277BBE3E21DB144AD54A6315750E475E7264366D7AA89EAF24BB99C72BD066EE0C7838BA4DE8780761AA2B9BF8C64D4B764C84E68BC44FFED5E6F5741C
Malicious:	false
Preview:	0.....*.H..........0......1.0...+......0.....+.....7......0...0...+.....7.....P.d-&k.H.4^.[.....100313001938Z0...+.....7.....0...0....R6.5.A.A.B.4.5.E.E.E.B.0.C.8.3.8.8.D.D.E.C.4.C.9.C.E.6.9.8.3.B.B.4.E.2.1.9.6.7.F...1..s0D..+.....7...1604...F.i.l.e......."m.c.h.p._.m.s.d._.c.d.c...i.n.f...0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........e..^..8.....i..N!..0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0d..+.....7...1V0T...O.S.A.t.t.r.......>2.:.5...0.0.,.2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.......0...0.....+.....7......0.....O.S.........2.0.0.0.,.X.P.X.8.6.,.X.P.X.6.4.,.S.e.r.v.e.r.2.0.0.3.X.8.6.,.S.e.r.v.e.r.2.0.0.3.X.6.4.,.V.i.s.t.a.X.8.6.,.V.i.s.t.a.X.6.4.,.S.e.r.v.e.r.2.0.0.8.X.8.6.,.S.e.r.v.e.r.2.0.0.8.X.6.4.,.7.X.8.6.,.7.X.6.4.,.S.e.r.v.e.r.2.0.0.8.R.2.X.6.4...0P..+.....7....B0@...H.W.I.D.2.......,u.s.b.\.v.i.d._.0.4.d.8.&.p.i.d._.0.0.0.a...0\..+.....7....N0L...H.W.I.D.1.......8u.s.b.\.v

C:\Program Files\AX3-Driver\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp
File Type:	InnoSetup Log 64-bit AX3-Driver {C12D7D33-3050-44D8-8ADA-8ADCFA9368A5}, version 0x30, 1801 bytes, 675052\user, "C:\Program Files\AX3-Driver"
Category:	dropped
Size (bytes):	1801
Entropy (8bit):	4.687943713217746
Encrypted:	false
SSDEEP:	24:tCwwEgaMqtJZRg9B30VM+EZVRURyRSIRsGXYgIK/dJSFb7ObKV3aMUbuJab:tjwEgVqByq4Z7ICSssGIgIK8O2C1
MD5:	91AB661144DEAA9B70F76FCA55B1A811
SHA1:	56037E6C9C7F43A6DF20B97E009E64F605541E46
SHA-256:	06CE9695255C911034C6650018454EF7026DAE9167CD464672DA526188DA9647
SHA-512:	B4D1AF50DEC2CF8149FCA8C0E587A1E18C68621C77CE1FCBBB56B4D7BDA0D7833D1FD7FF0FAE1FD046B9F1099174FD45DD1A239D89A5FABAC15108CC455C9CAA
Malicious:	false
Preview:	Inno Setup Uninstall Log (b) 64-bit.............................{C12D7D33-3050-44D8-8ADA-8ADCFA9368A5}..........................................................................................AX3-Driver......................................................................................................................0...........%................................................................................................................"..=.................;....675052.user.C:\Program Files\AX3-Driver.........../.:.X.. ..........IFPS.............................................................................................................BOOLEAN......................!MAIN....-1..IS64BITINSTALLMODE...... .................................C:\Program Files\AX3-Driver>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default).(Default).english...........NameAndVersion....%1 version %2....AdditionalIcons....Additional icons:....CreateDesktopIcon....Create a &desktop icon....Create

C:\Program Files\AX3-Driver\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	715038
Entropy (8bit):	6.506108541840392
Encrypted:	false
SSDEEP:	12288:RRObekMtkfohrPUs37uzHnA6zgpKq35eERXprNrHIR3+j1vGgZpDExycl:LObekYkfohrP337uzHnA6cgqpeEFHR9+
MD5:	4E28A215B82F587828879C6B4252617E
SHA1:	7AE5C9C4816AA1E1B2F112D25167E39C6F2F24C8
SHA-256:	8AB70A2820EF47EF5D97AE7B4F41FA9F4FAB3C4273893E8A0908A36FD0DD8F13
SHA-512:	97AD579FFCB7D11B5CB1F1EB9FCAEA83F889E504C187592424381980F9B951B928091B8E587979B9CB68A2BE4A01D7B757D616A667BE7D651F6846AD4341C0CE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f..........pr............@..............................................@...............................%..................................................................................................................CODE.....d.......f.................. ..`DATA.................j..............@...BSS..................\|...................idata...%.......&...\|..............@....tls.....................................rdata..............................@..P.reloc.............................@..P.rsrc...............................@..P.....................J..............@..P........................................................................................................................................

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OmGui\OmGui.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Sep 19 13:47:49 2024, mtime=Thu Sep 19 13:47:49 2024, atime=Tue Nov 1 01:12:02 2022, length=1641984, window=hide
Category:	dropped
Size (bytes):	1233
Entropy (8bit):	4.620105857299521
Encrypted:	false
SSDEEP:	24:8muprl/vDOE5dOENeGtl1AvfqdqACdZdjqtdZdjhVUUdQwqygm:8mupr5DB5dOy3evf9dZdutdZdFWnyg
MD5:	AE99623132B1F13A04DBD3BC326A7E0B
SHA1:	66B9904EC79B3765AE8C546C59A1710812F84BD1
SHA-256:	48AAFBE2685BB0FB01D9BFB6711497EC3CB4EF06D5C148AAA1FFA3688CB8731E
SHA-512:	55C48618656BBE599A59DA8F91CCCB3813E1189CAF0B6B4168BC34D53648A2385FD15E26FE62F1A378CED42847B38917AB08AADE0BCAF2D9E06D5D9FD3D253D0
Malicious:	false
Preview:	L..................F.... ...Y......\|........qT.................................P.O. .:i.....+00.../C:\.....................1.....3Y.u..PROGRA~2.........O.I3Y.u....................V........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....d.1.....3Y.u..OPENMO~1..L......3Y.u3Y.u....L.....................D>2.O.p.e.n. .M.o.v.e.m.e.n.t.....T.1.....3Y.u..OMGUI~1.>......3Y.u3Y.u....'.....................n...O.M. .G.U.I.....\.2.....aU.. .OmGui.exe.D......3Y.u3Y.u.....J........................O.m.G.u.i...e.x.e.......d...............-.......c...........ggH......C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe..D.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.O.p.e.n. .M.o.v.e.m.e.n.t.\.O.M. .G.U.I.\.O.m.G.u.i...e.x.e.+.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.O.p.e.n. .M.o.v.e.m.e.n.t.\.O.M. .G.U.I.........*................@Z\|...K.J.........`.......X.......675052...........hT..CrF.f4... .6......../....%..hT..CrF.f4..

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OmGui\Uninstall OmGui.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Sep 19 13:47:49 2024, mtime=Thu Sep 19 13:47:49 2024, atime=Thu Sep 19 13:47:35 2024, length=3227197, window=hide
Category:	dropped
Size (bytes):	1252
Entropy (8bit):	4.646364356812567
Encrypted:	false
SSDEEP:	24:8mymtyZIE6dOEqerCyAUfqdqAe+dZdjHudZdjhVUUdu1pwqygm:8mTtyN6dOgCRUfx+dZdDudZdFWfyg
MD5:	A4E0697C155098DABF4C3907E6EE87AE
SHA1:	3295C3A79D7F2DFACA97E151BE970C2C95FD5977
SHA-256:	F4CD11C7D6626AE9175A68C594AD8D0968135387173075AE9B995E5A4714F375
SHA-512:	F4F514FFEBF7FFDF9AD1364D7637E8665610DAF357D67F433DF4F32CE1C4D8F2AA65E15075C18252CA4A3391C60BBF80A6BE95AD49255853C3B4D09DD8AC4F6B
Malicious:	false
Preview:	L..................F.... ...G).................=>1..........................P.O. .:i.....+00.../C:\.....................1.....3Y.u..PROGRA~2.........O.I3Y.u....................V.....D>2.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....d.1.....3Y.u..OPENMO~1..L......3Y.u3Y.u....L.....................D>2.O.p.e.n. .M.o.v.e.m.e.n.t.....T.1.....3Y.u..OMGUI~1.>......3Y.u3Y.u....'.....................n...O.M. .G.U.I.....f.2.=>1.3Y.u .unins000.exe..J......3Y.u3Y.u.....J...................."X/.u.n.i.n.s.0.0.0...e.x.e.......g...............-.......f...........ggH......C:\Program Files (x86)\Open Movement\OM GUI\unins000.exe..G.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.O.p.e.n. .M.o.v.e.m.e.n.t.\.O.M. .G.U.I.\.u.n.i.n.s.0.0.0...e.x.e.+.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.O.p.e.n. .M.o.v.e.m.e.n.t.\.O.M. .G.U.I.........*................@Z\|...K.J.........`.......X.......675052...........hT..CrF.f4... .<......../

C:\Users\Public\Desktop\OmGui.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Sep 19 13:47:49 2024, mtime=Thu Sep 19 13:47:50 2024, atime=Tue Nov 1 01:12:02 2022, length=1641984, window=hide
Category:	dropped
Size (bytes):	1215
Entropy (8bit):	4.629179265680838
Encrypted:	false
SSDEEP:	24:8muC7rl/vyZIE6dOEqeGtl1AvfqdqAMCdZdjqtdZdjhVUUdQwqygm:8mu6r5yN6dOX3evf2dZdutdZdFWnyg
MD5:	3547D9CEB068F53CFDD3D7E0D22B122C
SHA1:	753AFFCE461DE59090045A1CB99E11C8D1683044
SHA-256:	EBDF9EE282C348AAFA93A490D91C68F1C517814A85FF6AA091C38EE5547CA70E
SHA-512:	3E6F22F4FE0F5B62F32C820FE62C88E0895665084987D9770BB7D5289C02ACC4EFD3B296A89AE46FA95D0746A6C574ABC7BA2CA109A7328636AF5EDC2040E9B2
Malicious:	false
Preview:	L..................F.... ...Y..............qT.................................P.O. .:i.....+00.../C:\.....................1.....3Y.u..PROGRA~2.........O.I3Y.u....................V.....D>2.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....d.1.....3Y.u..OPENMO~1..L......3Y.u3Y.u....L.....................D>2.O.p.e.n. .M.o.v.e.m.e.n.t.....T.1.....3Y.u..OMGUI~1.>......3Y.u3Y.u....'.....................n...O.M. .G.U.I.....\.2.....aU.. .OmGui.exe.D......3Y.u3Y.u.....J........................O.m.G.u.i...e.x.e.......d...............-.......c...........ggH......C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe..;.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.O.p.e.n. .M.o.v.e.m.e.n.t.\.O.M. .G.U.I.\.O.m.G.u.i...e.x.e.+.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.O.p.e.n. .M.o.v.e.m.e.n.t.\.O.M. .G.U.I.........*................@Z\|...K.J.........`.......X.......675052...........hT..CrF.f4... .6......../....%..hT..CrF.f4... .6......../....%

C:\Users\user\AppData\Local\Temp\18uiblpb.0.cs

Download File

Process:	C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	8629
Entropy (8bit):	4.321054307696951
Encrypted:	false
SSDEEP:	192:FilEaRaIaNpFREakaZayAEakaZa6paktUbnXrPGUceB8jacvqp48jadvzc89aZa5:YlEaRaIaNpFREakaZaTEakaZa6pBtUvu
MD5:	5C98605D245F865758B32AEF66DC051D
SHA1:	D1B385392AD4349876EFA2D118B6BA0D0A39BC2A
SHA-256:	E005307639CC3641B1E47EE59C66D3B2B1C9B6F9D47709654A2DBD4F6427B340
SHA-512:	B2ABCC8F00449F15C0AA013A3D6B7114751F4C214D2B0E02D553325E98BF65E8B1E9E64297CBC3DD38319601C1AF466F179EDC1399F9959B307A65154C71C67A
Malicious:	false
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("2.0.0.0")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterStringCollection : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_ArrayOfString(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"ArrayOfString", @"");.. return;.. }.. TopLevelElement();.. {.. global::System.Collections.Specialized.StringCollection a = (global::System.Collections.Specialized.StringCollection)((global::System.Collections.Specialized.StringCollection)o);.. if ((object)(a) == null) {.. WriteNullTagLiteral(@"ArrayOfString", @"");.. }..

C:\Users\user\AppData\Local\Temp\18uiblpb.cmdline

Download File

Process:	C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (422), with no line terminators
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.515698478544795
Encrypted:	false
SSDEEP:	12:p3rknoT7UNvvz5NSfOH2rHc9ow16PlSfOHgA:Vgn8YzbeoAW1cleoL
MD5:	F788250A44ECA9047B4856D1740438DF
SHA1:	050CF258ED8D7D7534C7572D7D0C5EB07996DD05
SHA-256:	1C49CBE1AE22E39898255D966E3FB3F949586C38F43A4F5B766BA752FB90A39E
SHA-512:	1705787DAD8186E7B2C455D0BF47FED0059AA25173EA7221CF1D9E5ADE2043E3B64F1956766378BB62CC2E15B92C046830EFC39797A82D0BB17C4578EF07EA20
Malicious:	false
Preview:	./t:library /utf8output /R:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /out:"C:\Users\user\AppData\Local\Temp\18uiblpb.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\18uiblpb.0.cs"

C:\Users\user\AppData\Local\Temp\18uiblpb.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	6656
Entropy (8bit):	4.379276111032197
Encrypted:	false
SSDEEP:	96:+nCPBUXHU8HZyqmTljdAc+0idfL9+Xw7YhamOyaPN2I50dPS9KiqI2XWDK:RGk8HcT3i0kL0w7YAmda1ZCUS
MD5:	0DD2E2484973610F071B9C83D90ED73E
SHA1:	133A9265F90B2B9F7B5959DAA8F859BD7B399B53
SHA-256:	78E34361A32173EDF08F72ECE15548170A2F497CBD3FBBFBBEF3E814138644F9
SHA-512:	B757304D69A056BC5147B851B435CF934B84ABA3748EE5DEC332A9F6B0B8FDAB417089FD44C3344E60FFA0B9E74E5CCE53D157EB41B743F81600D5F7DDC1BD33
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....9.f...........!................~1... ...@....@.. ....................................@.................................$1..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................`1......H.......$$...............................................................0..\|........(.....-..r...pr...p(.....(.....t......-..r...pr...p(.....r...pr...p..(......+..r...pr...p..o....(......X...o....2..(.......(....*...0.............(....o....&.(....o.....@S....(....o.....{....@6....(....o.....{....@ ....(....:.....-.s......t......(....o....,..(....o....8.....(....o.....(....o....&...(.....8.....(....o.....3Z.(....o.....{....39.(....o.....{....3&.(....,...o....&+...(....o..

C:\Users\user\AppData\Local\Temp\18uiblpb.out

Download File

Process:	C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (523), with CRLF line terminators
Category:	modified
Size (bytes):	730
Entropy (8bit):	5.602265907282555
Encrypted:	false
SSDEEP:	12:vbqwSqAs/nzR3rknoT7UNvvz5NSfOH2rHc9ow16PlSfOHg1Kai3SGzKIMBj6I5Bo:TqdqAenzdgn8YzbeoAW1cleoKKai3SGX
MD5:	9654B78062CE716DD470E69CFCFCE009
SHA1:	811614FE884665A6CB5462B971BC2BF490CD4AB4
SHA-256:	374B4AB8FEB1040FD538405C39BEF50312E4E083D0AAEFBDA3B0A20530569D7F
SHA-512:	503A85D78DA843C6FB97192976898F7278425175BB14E6E8546274EB7C1A320677624D8E5DF7E6F8FD7474FED6528EECAFA96B2388B065EEA07612159607ED34
Malicious:	false
Preview:	.C:\Program Files (x86)\Open Movement\OM GUI> "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /out:"C:\Users\user\AppData\Local\Temp\18uiblpb.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\18uiblpb.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\CSC8732.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
File Type:	MSVC .res
Category:	dropped
Size (bytes):	652
Entropy (8bit):	3.1323815185970916
Encrypted:	false
SSDEEP:	12:DXt4Ii3nYAHia5YA49aUGiqMZAiN52ryJak7YnqqdPN5Rlq5z:+RI+ycuZhNhakSdPNdqt
MD5:	D1ED7858C7B579F89032688E5D66492C
SHA1:	467239CF66D5BE0547C024D0105FF7E29EDC6905
SHA-256:	BBB73B94721F148DD9D7F01EEFB283256926F1E64BD1C1963883E2A1BAEFDF6E
SHA-512:	BA54EE3E662A68D0F3595F52135C1C6305AA43ADC5916C4410699C318FE05E64CFF376EECDADD24AC46D1C95DF0428E2D987A1668362FE94991331BA972E8D2F
Malicious:	false
Preview:	.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....2...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...1.8.u.i.b.l.p.b...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...1.8.u.i.b.l.p.b...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...2...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...2...0...0...0...

C:\Users\user\AppData\Local\Temp\CSCB0D7.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
File Type:	MSVC .res
Category:	dropped
Size (bytes):	652
Entropy (8bit):	3.1176536576781713
Encrypted:	false
SSDEEP:	12:DXt4Ii3nYAHia5YA49aUGiqMZAiN52rydak7YnqqxPN5Rlq5z:+RI+ycuZhN1akSxPNdqt
MD5:	8627C25C03F92DADD5D162372FA1A277
SHA1:	71B668EFF848BF87F3D6CA2BAFDE469351DA55CC
SHA-256:	97F8CF09B4D6E88B3D1338B5D898E282226DF1DD28A08B0910530BD4CE32CA62
SHA-512:	A605F45E0EF908A98FB47EE5712B3CCE0395FC7ABCA95805C035E203EF4013E657496E39A0F6214E09BB85A819F8F7F9129F4CE39290DD47EFCF16DC83FBC7AB
Malicious:	false
Preview:	.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....2...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...y.n.u.r.x.t.o.n...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...y.n.u.r.x.t.o.n...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...2...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...2...0...0...0...

C:\Users\user\AppData\Local\Temp\RES8733.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
File Type:	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols, created Thu Sep 19 14:49:24 2024, 1st section name ".debug$S"
Category:	dropped
Size (bytes):	1196
Entropy (8bit):	3.6573807486853553
Encrypted:	false
SSDEEP:	24:Hg2jJ9Ye1eR2Q8XNeHdsUnhKbI+ycuZhNhakSdPNdq9td:AxewR2Q8Y9HnhKb1ulha3HU9H
MD5:	B24E0D9EA23EA0336F4E0B41A7833604
SHA1:	17DDEBE281DC970AA7528BFBF954C1362AA973E7
SHA-256:	18CB619E50C97179F8A0B64E15B87CD96D455239A2720ECA0C90622E449319B1
SHA-512:	10C623C90A09BCC02E9F7B8DCAA53B7EC6D12806CC23A23DF01D65FE5FD19F2E3490D2067168F936DC55C826E6CAA28869855490F6D1431C266402CC6C6C14AA
Malicious:	false
Preview:	L....9.f.............debug$S............................@..B.rsrc$01........X...T...............@..@.rsrc$02........P...................@..@......../....c:\Users\user\AppData\Local\Temp\CSC8732.tmp..................xX.y..2h.]fI,......c...4.......C:\Users\user\AppData\Local\Temp\RES8733.tmp.+...................'.Microsoft (R) CVTRES................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....2...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...1.8.u.i.b.l.p.b...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...1.8.u.i.b.l.p.b...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...2...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.

C:\Users\user\AppData\Local\Temp\RESB0D8.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
File Type:	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols, created Thu Sep 19 14:48:29 2024, 1st section name ".debug$S"
Category:	dropped
Size (bytes):	1196
Entropy (8bit):	3.6464717878937742
Encrypted:	false
SSDEEP:	24:HnijJ9Ye1e/hXNeHxUnhKbI+ycuZhN1akSxPNdq9td:H9ew/hYenhKb1ul1a3DU9H
MD5:	12CDAB678998168DBB725F20B4C95B42
SHA1:	91C7A884C1266CBEFDC6C8AFABE76E109A4A0C54
SHA-256:	4CA4100AFAD48099210D5671B39AA7A612AEC5AC09D5721AE518D4F8C643BA0C
SHA-512:	4B5842D9C22101769DDE02D06AB59AFAE6A44021E09702AE5638D829319A0B604651A6D688490D30BBF55C6D49D5E4CE20153805B15891EF52169C569FBAE366
Malicious:	false
Preview:	L....9.f.............debug$S............................@..B.rsrc$01........X...T...............@..@.rsrc$02........P...................@..@......../....c:\Users\user\AppData\Local\Temp\CSCB0D7.tmp.................'.\..-...b7/..w......c...4.......C:\Users\user\AppData\Local\Temp\RESB0D8.tmp.+...................'.Microsoft (R) CVTRES................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....2...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...y.n.u.r.x.t.o.n...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...y.n.u.r.x.t.o.n...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...2...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.

C:\Users\user\AppData\Local\Temp\is-AGSFD.tmp\_isetup\_isdecmp.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	29472
Entropy (8bit):	7.042110181107409
Encrypted:	false
SSDEEP:	768:BD7FEAbd+EDsIOmF+OiR9rikW/F+M9OAriXiRQU:M07sIOYRiPWkWNl9WXil
MD5:	077CB4461A2767383B317EB0C50F5F13
SHA1:	584E64F1D162398B7F377CE55A6B5740379C4282
SHA-256:	8287D0E287A66EE78537C8D1D98E426562B95C50F569B92CEA9CE36A9FA57E64
SHA-512:	B1FCB0265697561EF497E6A60FCEE99DC5EA0CF02B4010DA9F5ED93BCE88BDFEA6BFE823A017487B8059158464EA29636AAD8E5F9DD1E8B8A1B6EAAAB670E547
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........I...(...(...(..n ..(...(...(...$..(...$..(...$..(..Rich.(..................PE..L......B...........!..... ..........p........0....P..........................P.......................................;.......;..(....................4.. ?...@.......0...............................................0...............................text............ .................. ..`.rdata.......0.......$..............@..@.reloc.......@.......2..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-AGSFD.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.720366600008286
Encrypted:	false
SSDEEP:	96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
MD5:	E4211D6D009757C078A9FAC7FF4F03D4
SHA1:	019CD56BA687D39D12D4B13991C9A42EA6BA03DA
SHA-256:	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
SHA-512:	17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp

Download File

Process:	C:\Users\user\Desktop\AX3-GUI-45.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3203072
Entropy (8bit):	6.302566626610392
Encrypted:	false
SSDEEP:	49152:mdx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjK333yD:nHDYsqiPRhINnq95FoHVBK333K
MD5:	48C6508A6FD96E62F8796701A0200C8F
SHA1:	833063ABFD008C67C79083AEEC9EACED8434ADB7
SHA-256:	E50218793C873317287BB8FC52099F1C474DB16ECCB3F21741C36AC2FF275132
SHA-512:	68252C1F34599BF74FEB1EBE885B08F3A9B88335ED1BE09FF74324B5E95B184170275014B9F53E2DC0FD9866BD4B65E53B3E43C4D242C40B2F2166EEBFA99859
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...oGXb.................B,.........`V,......`,...@...........................1...........@......@....................-.......-..9............................................................-.......................-.......-......................text.....,.......,................. ..`.itext...(...0,..*....,............. ..`.data........`,......F,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-...... -.............@..@.rsrc................"-.............@..@..............1.......0.............@..@........................................................

C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp

Download File

Process:	C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	704512
Entropy (8bit):	6.498037567890168
Encrypted:	false
SSDEEP:	12288:ZRObekMtkfohrPUs37uzHnA6zgpKq35eERXprNrHIR3+j1vGgZpDExyc:jObekYkfohrP337uzHnA6cgqpeEFHR9A
MD5:	67C5A4F36E1C91A3B85E440EDD7AD026
SHA1:	E49EA0E558ED682498CC61B3070E4C402FBF0912
SHA-256:	99C299D6565AB53D9AF66E0146737DC0ECFBC52ECF4740825B552DB0CC4210C6
SHA-512:	40522D4645ECE0DB9888EA40D1A11356AA5EFC191184A0B97CB54A6C243532B1FC306E9095BBFA1F5DC02C8E52B709650230D1383532136E56CAEA3DC19A973E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f..........pr............@..............................................@...............................%..................................................................................................................CODE.....d.......f.................. ..`DATA.................j..............@...BSS..................\|...................idata...%.......&...\|..............@....tls.....................................rdata..............................@..P.reloc.............................@..P.rsrc...............................@..P.....................J..............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-VP94R.tmp\_isetup\_RegDLL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	4.026670007889822
Encrypted:	false
SSDEEP:	48:ivuz1hEU3FR/pmqBl8/QMCBaquEMx5BC+SS4k+bkguj0KHc:bz1eEFNcqBC/Qrex5iSKDkc
MD5:	0EE914C6F0BB93996C75941E1AD629C6
SHA1:	12E2CB05506EE3E82046C41510F39A258A5E5549
SHA-256:	4DC09BAC0613590F1FAC8771D18AF5BE25A1E1CB8FDBF4031AA364F3057E74A2
SHA-512:	A899519E78125C69DC40F7E371310516CF8FAA69E3B3FF747E0DDF461F34E50A9FF331AB53B4D07BB45465039E8EBA2EE4684B3EE56987977AE8C7721751F5F9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................H................\|.......\|.......\|......Rich............PE..L....M;J..................................... ....@..........................@..............................................l ..P....0..@............................................................................ ..D............................text............................... ..`.rdata....... ......................@..@.rsrc...@....0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-VP94R.tmp\_isetup\_isdecmp.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	5.745960477552938
Encrypted:	false
SSDEEP:	384:BXvhMwoSitz/bjx7yxnbdn+EHvbsHoOODCg:BZ7FEAbd+EDsIO
MD5:	A813D18268AFFD4763DDE940246DC7E5
SHA1:	C7366E1FD925C17CC6068001BD38EAEF5B42852F
SHA-256:	E19781AABE466DD8779CB9C8FA41BBB73375447066BB34E876CF388A6ED63C64
SHA-512:	B310ED4CD2E94381C00A6A370FCB7CC867EBE425D705B69CAAAAFFDAFBAB91F72D357966916053E72E68ECF712F2AF7585500C58BB53EC3E1D539179FCB45FB4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........I...(...(...(..n ..(...(...(...$..(...$..(...$..(..Rich.(..................PE..L......B...........!..... ..........p........0....P..........................P.......................................;.......;..(............................@.......0...............................................0...............................text............ .................. ..`.rdata.......0.......$..............@..@.reloc.......@.......2..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-VP94R.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.215994423157539
Encrypted:	false
SSDEEP:	96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF
MD5:	4FF75F505FDDCC6A9AE62216446205D9
SHA1:	EFE32D504CE72F32E92DCF01AA2752B04D81A342
SHA-256:	A4C86FC4836AC728D7BD96E7915090FD59521A9E74F1D06EF8E5A47C8695FD81
SHA-512:	BA0469851438212D19906D6DA8C4AE95FF1C0711A095D9F21F13530A6B8B21C3ACBB0FF55EDB8A35B41C1A9A342F5D3421C00BA395BC13BB1EF5902B979CE824
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d...XW:J..........#............................@.............................`..............................................................<!.......P..@....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...@....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-VP94R.tmp\_isetup\_shfoldr.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	23312
Entropy (8bit):	4.596242908851566
Encrypted:	false
SSDEEP:	384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
MD5:	92DC6EF532FBB4A5C3201469A5B5EB63
SHA1:	3E89FF837147C16B4E41C30D6C796374E0B8E62C
SHA-256:	9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
SHA-512:	9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ynurxton.0.cs

Download File

Process:	C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	8629
Entropy (8bit):	4.321054307696951
Encrypted:	false
SSDEEP:	192:FilEaRaIaNpFREakaZayAEakaZa6paktUbnXrPGUceB8jacvqp48jadvzc89aZa5:YlEaRaIaNpFREakaZaTEakaZa6pBtUvu
MD5:	5C98605D245F865758B32AEF66DC051D
SHA1:	D1B385392AD4349876EFA2D118B6BA0D0A39BC2A
SHA-256:	E005307639CC3641B1E47EE59C66D3B2B1C9B6F9D47709654A2DBD4F6427B340
SHA-512:	B2ABCC8F00449F15C0AA013A3D6B7114751F4C214D2B0E02D553325E98BF65E8B1E9E64297CBC3DD38319601C1AF466F179EDC1399F9959B307A65154C71C67A
Malicious:	false
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("2.0.0.0")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterStringCollection : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_ArrayOfString(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"ArrayOfString", @"");.. return;.. }.. TopLevelElement();.. {.. global::System.Collections.Specialized.StringCollection a = (global::System.Collections.Specialized.StringCollection)((global::System.Collections.Specialized.StringCollection)o);.. if ((object)(a) == null) {.. WriteNullTagLiteral(@"ArrayOfString", @"");.. }..

C:\Users\user\AppData\Local\Temp\ynurxton.cmdline

Download File

Process:	C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (422), with no line terminators
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.521348245353199
Encrypted:	false
SSDEEP:	6:pAu+HmkLWuoT7F20+vvFpw+oPoSc23feJHUzxscHc9olm14sQPIoSc23feT:p3rknoT7UNvvz5NSfaUrHc9ow16PlSfY
MD5:	3A847F092067AB04DCBA34AC966DC062
SHA1:	C81E723466FA6678F11A97D7BBA891A76FB705BE
SHA-256:	3FD058010467E035BFF6835862A861655DB6FA668567962B3737762BCED3871D
SHA-512:	317841718DA36F5D212A808C605B8FCD7B06ABA66FDCA1FD1D6D790468848F167B0310F34659FF7A4FB0016E7824DA69E95FBF34DDDF29CC5CE004679E56B902
Malicious:	true
Preview:	./t:library /utf8output /R:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /out:"C:\Users\user\AppData\Local\Temp\ynurxton.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\ynurxton.0.cs"

C:\Users\user\AppData\Local\Temp\ynurxton.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	6656
Entropy (8bit):	4.375990970278926
Encrypted:	false
SSDEEP:	96:PnCPBUXHU8HZyqmTljdAc+0idfLP+Xw7YhamEyaPN2I50dPS9KiqI2xWXK:WGk8HcT3i0kL+w7YAmba1ZCUg
MD5:	559F38378B131E2B81385B10DE573117
SHA1:	7B3D2F068631A92C8E76539F310B5EDA46EDE112
SHA-256:	56048BB3C0959F956F075369A160123870F7E4AA3AB17D4BEE7483788F65D593
SHA-512:	C602C63C09BD23CBDEAA3CC06479837C53FEDEAD0EBB7D2B772C894FC110EEFE6B91D9EB7EEB97256FDA107FDAED85E2F7371A8E9DC2EF20151968490014E36B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....9.f...........!................~1... ...@....@.. ....................................@.................................$1..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................`1......H.......$$...............................................................0..\|........(.....-..r...pr...p(.....(.....t......-..r...pr...p(.....r...pr...p..(......+..r...pr...p..o....(......X...o....2..(.......(....*...0.............(....o....&.(....o.....@S....(....o.....{....@6....(....o.....{....@ ....(....:.....-.s......t......(....o....,..(....o....8.....(....o.....(....o....&...(.....8.....(....o.....3Z.(....o.....{....39.(....o.....{....3&.(....,...o....&+...(....o..

C:\Users\user\AppData\Local\Temp\ynurxton.out

Download File

Process:	C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (523), with CRLF line terminators
Category:	modified
Size (bytes):	730
Entropy (8bit):	5.59454743968495
Encrypted:	false
SSDEEP:	12:vbqwSqAs/nzR3rknoT7UNvvz5NSfaUrHc9ow16PlSfNKai3SGzKIMBj6I5BFR5y:TqdqAenzdgn8Yzbe9W1cleNKai3SGzKS
MD5:	338B9B6A48A9FE81A7B0D08807D5AD05
SHA1:	B389AACDF481F212B0165288B3D0E69F2AF60872
SHA-256:	C42E5122A216B1DA3DC53836C317695B42E773AF0B2737DEFBE431DC8BF94A77
SHA-512:	5B0C2FD610C3CF93FBCF5F069C433C667C0E0CDE1E00373D8B47D10F866D052D18ED58EADB8F462F17C3987E9B342EDC609EEB4D271A5145ECA4F7134F942B47
Malicious:	false
Preview:	.C:\Program Files (x86)\Open Movement\OM GUI> "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /out:"C:\Users\user\AppData\Local\Temp\ynurxton.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\ynurxton.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\{97b4af8b-f908-ec4d-ae1d-f2d0fe90d613}\SET4099.tmp

Download File

Process:	C:\Program Files\AX3-Driver\dpinst64.exe
File Type:	data
Category:	dropped
Size (bytes):	6348
Entropy (8bit):	7.054306729661913
Encrypted:	false
SSDEEP:	192:9TAEOwPKDyowJL/8Qpkqs1INID+ebCfMFJ:FSwyYJLu11VbCUJ
MD5:	8BE6BB8DC016993546D42E7DE1B9B050
SHA1:	B0BCB2A49C2C94044835868516C7C74DAD3F0344
SHA-256:	52C1051AC76AFE162DA3D764BF4C44E25D6D565D070BAADF7E638A563C37B04E
SHA-512:	47FCBA277BBE3E21DB144AD54A6315750E475E7264366D7AA89EAF24BB99C72BD066EE0C7838BA4DE8780761AA2B9BF8C64D4B764C84E68BC44FFED5E6F5741C
Malicious:	false
Preview:	0.....*.H..........0......1.0...+......0.....+.....7......0...0...+.....7.....P.d-&k.H.4^.[.....100313001938Z0...+.....7.....0...0....R6.5.A.A.B.4.5.E.E.E.B.0.C.8.3.8.8.D.D.E.C.4.C.9.C.E.6.9.8.3.B.B.4.E.2.1.9.6.7.F...1..s0D..+.....7...1604...F.i.l.e......."m.c.h.p._.m.s.d._.c.d.c...i.n.f...0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........e..^..8.....i..N!..0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0d..+.....7...1V0T...O.S.A.t.t.r.......>2.:.5...0.0.,.2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.......0...0.....+.....7......0.....O.S.........2.0.0.0.,.X.P.X.8.6.,.X.P.X.6.4.,.S.e.r.v.e.r.2.0.0.3.X.8.6.,.S.e.r.v.e.r.2.0.0.3.X.6.4.,.V.i.s.t.a.X.8.6.,.V.i.s.t.a.X.6.4.,.S.e.r.v.e.r.2.0.0.8.X.8.6.,.S.e.r.v.e.r.2.0.0.8.X.6.4.,.7.X.8.6.,.7.X.6.4.,.S.e.r.v.e.r.2.0.0.8.R.2.X.6.4...0P..+.....7....B0@...H.W.I.D.2.......,u.s.b.\.v.i.d._.0.4.d.8.&.p.i.d._.0.0.0.a...0\..+.....7....N0L...H.W.I.D.1.......8u.s.b.\.v

C:\Users\user\AppData\Local\Temp\{97b4af8b-f908-ec4d-ae1d-f2d0fe90d613}\SET4107.tmp

Download File

Process:	C:\Program Files\AX3-Driver\dpinst64.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	3468
Entropy (8bit):	5.026026054397683
Encrypted:	false
SSDEEP:	48:IfDVHdohChj9ISWF4h33bAcyIi03O4h33VAcyHUb6RZSi02CZ4NfFnf19T:ADN+0gSDhHFy/0xhH/yO6XSitNfB19T
MD5:	CCC987FA45B80FCD65BAB524EB913371
SHA1:	65AAB45EEEB0C8388DDEC4C9CE6983BB4E21967F
SHA-256:	F55FAFACB061FF437B7B616989027993A2F8EB7D9E641F4BC3B8FBDB75912C41
SHA-512:	E196455FB122DB0ACC249250527A343E35E35B0613D94C9113F967D5967F3BAC07B9DCF7625BC1B0D24F7B85ACA2196295A083D6BC75D65875B6D70C3D6393BF
Malicious:	false
Preview:	..; Microchip Composite Device MSD+CDC..; This driver is required only by the CDC part of a composite device. ..; The MSD part does not require any driver...;..;..; Copyright (c) 2000 Microsoft Corporation..; Copyright (C) 2007 Microchip Technology Inc.....[Version] ..Signature="$Windows NT$" ..Class=Ports..ClassGuid={4D36E978-E325-11CE-BFC1-08002BE10318} ..Provider=%MFGNAME% ..LayoutFile=layout.inf..CatalogFile=mchp_MSD_CDC.cat..DriverVer=03/12/2010,5.1.2600.2....[Manufacturer] ..%MFGNAME%=DeviceList, NTamd64....[DestinationDirs] ..DefaultDestDir=12 ......;------------------------------------------------------------------------------..; Windows 2000/XP/Vista/7-32bit Sections..;------------------------------------------------------------------------------....[DriverInstall.nt] ..include=mdmcpq.inf..CopyFiles=DriverCopyFiles.nt..AddReg=DriverInstall.nt.AddReg ....[DriverCopyFiles.nt]..usbser.sys,,,0x20....[DriverInstall.nt.AddReg] ..HKR,,DevLoader,,*ntkern ..HKR,,NTMPDriver,,%DRIVERFIL

C:\Users\user\AppData\Local\Temp\{97b4af8b-f908-ec4d-ae1d-f2d0fe90d613}\mchp_MSD_CDC.cat (copy)

Download File

Process:	C:\Program Files\AX3-Driver\dpinst64.exe
File Type:	data
Category:	dropped
Size (bytes):	6348
Entropy (8bit):	7.054306729661913
Encrypted:	false
SSDEEP:	192:9TAEOwPKDyowJL/8Qpkqs1INID+ebCfMFJ:FSwyYJLu11VbCUJ
MD5:	8BE6BB8DC016993546D42E7DE1B9B050
SHA1:	B0BCB2A49C2C94044835868516C7C74DAD3F0344
SHA-256:	52C1051AC76AFE162DA3D764BF4C44E25D6D565D070BAADF7E638A563C37B04E
SHA-512:	47FCBA277BBE3E21DB144AD54A6315750E475E7264366D7AA89EAF24BB99C72BD066EE0C7838BA4DE8780761AA2B9BF8C64D4B764C84E68BC44FFED5E6F5741C
Malicious:	false
Preview:	0.....*.H..........0......1.0...+......0.....+.....7......0...0...+.....7.....P.d-&k.H.4^.[.....100313001938Z0...+.....7.....0...0....R6.5.A.A.B.4.5.E.E.E.B.0.C.8.3.8.8.D.D.E.C.4.C.9.C.E.6.9.8.3.B.B.4.E.2.1.9.6.7.F...1..s0D..+.....7...1604...F.i.l.e......."m.c.h.p._.m.s.d._.c.d.c...i.n.f...0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........e..^..8.....i..N!..0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0d..+.....7...1V0T...O.S.A.t.t.r.......>2.:.5...0.0.,.2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.......0...0.....+.....7......0.....O.S.........2.0.0.0.,.X.P.X.8.6.,.X.P.X.6.4.,.S.e.r.v.e.r.2.0.0.3.X.8.6.,.S.e.r.v.e.r.2.0.0.3.X.6.4.,.V.i.s.t.a.X.8.6.,.V.i.s.t.a.X.6.4.,.S.e.r.v.e.r.2.0.0.8.X.8.6.,.S.e.r.v.e.r.2.0.0.8.X.6.4.,.7.X.8.6.,.7.X.6.4.,.S.e.r.v.e.r.2.0.0.8.R.2.X.6.4...0P..+.....7....B0@...H.W.I.D.2.......,u.s.b.\.v.i.d._.0.4.d.8.&.p.i.d._.0.0.0.a...0\..+.....7....N0L...H.W.I.D.1.......8u.s.b.\.v

C:\Users\user\AppData\Local\Temp\{97b4af8b-f908-ec4d-ae1d-f2d0fe90d613}\mchp_msd_cdc.inf (copy)

Download File

Process:	C:\Program Files\AX3-Driver\dpinst64.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	3468
Entropy (8bit):	5.026026054397683
Encrypted:	false
SSDEEP:	48:IfDVHdohChj9ISWF4h33bAcyIi03O4h33VAcyHUb6RZSi02CZ4NfFnf19T:ADN+0gSDhHFy/0xhH/yO6XSitNfB19T
MD5:	CCC987FA45B80FCD65BAB524EB913371
SHA1:	65AAB45EEEB0C8388DDEC4C9CE6983BB4E21967F
SHA-256:	F55FAFACB061FF437B7B616989027993A2F8EB7D9E641F4BC3B8FBDB75912C41
SHA-512:	E196455FB122DB0ACC249250527A343E35E35B0613D94C9113F967D5967F3BAC07B9DCF7625BC1B0D24F7B85ACA2196295A083D6BC75D65875B6D70C3D6393BF
Malicious:	false
Preview:	..; Microchip Composite Device MSD+CDC..; This driver is required only by the CDC part of a composite device. ..; The MSD part does not require any driver...;..;..; Copyright (c) 2000 Microsoft Corporation..; Copyright (C) 2007 Microchip Technology Inc.....[Version] ..Signature="$Windows NT$" ..Class=Ports..ClassGuid={4D36E978-E325-11CE-BFC1-08002BE10318} ..Provider=%MFGNAME% ..LayoutFile=layout.inf..CatalogFile=mchp_MSD_CDC.cat..DriverVer=03/12/2010,5.1.2600.2....[Manufacturer] ..%MFGNAME%=DeviceList, NTamd64....[DestinationDirs] ..DefaultDestDir=12 ......;------------------------------------------------------------------------------..; Windows 2000/XP/Vista/7-32bit Sections..;------------------------------------------------------------------------------....[DriverInstall.nt] ..include=mdmcpq.inf..CopyFiles=DriverCopyFiles.nt..AddReg=DriverInstall.nt.AddReg ....[DriverCopyFiles.nt]..usbser.sys,,,0x20....[DriverInstall.nt.AddReg] ..HKR,,DevLoader,,*ntkern ..HKR,,NTMPDriver,,%DRIVERFIL

C:\Windows\DPINST.LOG

Download File

Process:	C:\Program Files\AX3-Driver\dpinst64.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	modified
Size (bytes):	4174
Entropy (8bit):	3.672116084869238
Encrypted:	false
SSDEEP:	96:piXRC8653Q6GBYRQ63rgU97sIgJ7sI7j9Hr:V96r
MD5:	EE754B86EFBCF756DE85566DCA309696
SHA1:	B5623947F03E097A18888C2A5038221141A34274
SHA-256:	E3BB37B27DACF00351F15AA0655AE6EDC4FD91642ECD3A901265E554CA250639
SHA-512:	6C40224E64139B86376689C341055BD3A95CD4DD926794C98B780677C24544A3B28AE12ACA5AC0CE2B5398EA14D7B60078E066337A1E61B6E33FE71A04BE571D
Malicious:	false
Preview:	..I.N.F.O.:. . . .............................................I.N.F.O.:. . . .0.9./.1.9./.2.0.2.4. .1.0.:.4.7.:.5.9.....I.N.F.O.:. . . .P.r.o.d.u.c.t. .V.e.r.s.i.o.n. .2...1...0...0.......I.N.F.O.:. . . .V.e.r.s.i.o.n.:. .6...0...6.0.0.0. .....I.N.F.O.:. . . .P.l.a.t.f.o.r.m. .I.D.:. .2. .(.N.T.).....I.N.F.O.:. . . .S.e.r.v.i.c.e. .P.a.c.k.:. .0...0.....I.N.F.O.:. . . .S.u.i.t.e.:. .0.x.0.1.0.0.,. .P.r.o.d.u.c.t. .T.y.p.e.:. .1.....I.N.F.O.:. . . .A.r.c.h.i.t.e.c.t.u.r.e.:. .A.M.D.6.4.......I.N.F.O.:. . . .I.n.t.e.r.a.c.t.i.v.e. .W.i.n.d.o.w.s. .S.t.a.t.i.o.n.....I.N.F.O.:. . . .C.o.m.m.a.n.d. .L.i.n.e.:. .'.".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.A.X.3.-.D.r.i.v.e.r.\.D.P.I.n.s.t.6.4...e.x.e.". ./.F. ./.S.A. ./.S.E. ./.S.W.'.....I.N.F.O.:. . . .D.P.I.n.s.t. .i.s. .n.o.t. .m.u.l.t.i.-.l.i.n.g.u.a.l.......I.N.F.O.:. . . .............................................I.N.F.O.:. . . .C.u.r.r.e.n.t. .w.o.r.k.i.n.g. .

C:\Windows\INF\oem4.inf

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	3468
Entropy (8bit):	5.026026054397683
Encrypted:	false
SSDEEP:	48:IfDVHdohChj9ISWF4h33bAcyIi03O4h33VAcyHUb6RZSi02CZ4NfFnf19T:ADN+0gSDhHFy/0xhH/yO6XSitNfB19T
MD5:	CCC987FA45B80FCD65BAB524EB913371
SHA1:	65AAB45EEEB0C8388DDEC4C9CE6983BB4E21967F
SHA-256:	F55FAFACB061FF437B7B616989027993A2F8EB7D9E641F4BC3B8FBDB75912C41
SHA-512:	E196455FB122DB0ACC249250527A343E35E35B0613D94C9113F967D5967F3BAC07B9DCF7625BC1B0D24F7B85ACA2196295A083D6BC75D65875B6D70C3D6393BF
Malicious:	false
Preview:	..; Microchip Composite Device MSD+CDC..; This driver is required only by the CDC part of a composite device. ..; The MSD part does not require any driver...;..;..; Copyright (c) 2000 Microsoft Corporation..; Copyright (C) 2007 Microchip Technology Inc.....[Version] ..Signature="$Windows NT$" ..Class=Ports..ClassGuid={4D36E978-E325-11CE-BFC1-08002BE10318} ..Provider=%MFGNAME% ..LayoutFile=layout.inf..CatalogFile=mchp_MSD_CDC.cat..DriverVer=03/12/2010,5.1.2600.2....[Manufacturer] ..%MFGNAME%=DeviceList, NTamd64....[DestinationDirs] ..DefaultDestDir=12 ......;------------------------------------------------------------------------------..; Windows 2000/XP/Vista/7-32bit Sections..;------------------------------------------------------------------------------....[DriverInstall.nt] ..include=mdmcpq.inf..CopyFiles=DriverCopyFiles.nt..AddReg=DriverInstall.nt.AddReg ....[DriverCopyFiles.nt]..usbser.sys,,,0x20....[DriverInstall.nt.AddReg] ..HKR,,DevLoader,,*ntkern ..HKR,,NTMPDriver,,%DRIVERFIL

C:\Windows\INF\setupapi.dev.log

Download File

Process:	C:\Program Files\AX3-Driver\dpinst64.exe
File Type:	Generic INItialization configuration [BeginLog]
Category:	dropped
Size (bytes):	2495822
Entropy (8bit):	5.221504993164078
Encrypted:	false
SSDEEP:	12288:O+5cgeHJgnVKOs23GZFLJUVhjSGZxs2md:FGZF4SGZM
MD5:	DCE83B6E9ABEB032B17162FFD9452220
SHA1:	65FC746F29DDDF194568BCE3EA7175D52A12138E
SHA-256:	DD5ED82649D591EC06394183C3501BE832AF58675E6AC06CD34AFADED52FB2C6
SHA-512:	CAE3F0A0FE119BFC8CBC3EAAFCA6A018DE7B5C837EB02769894061B0C1E524FCF8619B5CE109387C963F83701C356F3A2760DC00500FC25613A364C4A0695DC3
Malicious:	false
Preview:	[Device Install Log].. OS Version = 10.0.19045.. Service Pack = 0.0.. Suite = 0x0100.. ProductType = 1.. Architecture = amd64....[BeginLog]....[Boot Session: 2023/10/03 09:57:02.288]....>>> [Setup Import Driver Package - C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf]..>>> Section start 2023/10/03 09:57:37.904.. cmd: C:\Windows\System32\spoolsv.exe.. inf: Provider: Microsoft.. inf: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}.. inf: Driver Version: 06/21/2006,10.0.19041.1806.. inf: Catalog File: prnms009.cat.. ump: Import flags: 0x0000000D.. pol: {Driver package policy check} 09:57:37.920.. pol: {Driver package policy check - exit(0x00000000)} 09:57:37.920.. sto: {Stage Driver Package: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf: {Query Configurability: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf:

C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\SET4972.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	data
Category:	dropped
Size (bytes):	6348
Entropy (8bit):	7.054306729661913
Encrypted:	false
SSDEEP:	192:9TAEOwPKDyowJL/8Qpkqs1INID+ebCfMFJ:FSwyYJLu11VbCUJ
MD5:	8BE6BB8DC016993546D42E7DE1B9B050
SHA1:	B0BCB2A49C2C94044835868516C7C74DAD3F0344
SHA-256:	52C1051AC76AFE162DA3D764BF4C44E25D6D565D070BAADF7E638A563C37B04E
SHA-512:	47FCBA277BBE3E21DB144AD54A6315750E475E7264366D7AA89EAF24BB99C72BD066EE0C7838BA4DE8780761AA2B9BF8C64D4B764C84E68BC44FFED5E6F5741C
Malicious:	false
Preview:	0.....*.H..........0......1.0...+......0.....+.....7......0...0...+.....7.....P.d-&k.H.4^.[.....100313001938Z0...+.....7.....0...0....R6.5.A.A.B.4.5.E.E.E.B.0.C.8.3.8.8.D.D.E.C.4.C.9.C.E.6.9.8.3.B.B.4.E.2.1.9.6.7.F...1..s0D..+.....7...1604...F.i.l.e......."m.c.h.p._.m.s.d._.c.d.c...i.n.f...0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........e..^..8.....i..N!..0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0d..+.....7...1V0T...O.S.A.t.t.r.......>2.:.5...0.0.,.2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.......0...0.....+.....7......0.....O.S.........2.0.0.0.,.X.P.X.8.6.,.X.P.X.6.4.,.S.e.r.v.e.r.2.0.0.3.X.8.6.,.S.e.r.v.e.r.2.0.0.3.X.6.4.,.V.i.s.t.a.X.8.6.,.V.i.s.t.a.X.6.4.,.S.e.r.v.e.r.2.0.0.8.X.8.6.,.S.e.r.v.e.r.2.0.0.8.X.6.4.,.7.X.8.6.,.7.X.6.4.,.S.e.r.v.e.r.2.0.0.8.R.2.X.6.4...0P..+.....7....B0@...H.W.I.D.2.......,u.s.b.\.v.i.d._.0.4.d.8.&.p.i.d._.0.0.0.a...0\..+.....7....N0L...H.W.I.D.1.......8u.s.b.\.v

C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\SET49E1.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	3468
Entropy (8bit):	5.026026054397683
Encrypted:	false
SSDEEP:	48:IfDVHdohChj9ISWF4h33bAcyIi03O4h33VAcyHUb6RZSi02CZ4NfFnf19T:ADN+0gSDhHFy/0xhH/yO6XSitNfB19T
MD5:	CCC987FA45B80FCD65BAB524EB913371
SHA1:	65AAB45EEEB0C8388DDEC4C9CE6983BB4E21967F
SHA-256:	F55FAFACB061FF437B7B616989027993A2F8EB7D9E641F4BC3B8FBDB75912C41
SHA-512:	E196455FB122DB0ACC249250527A343E35E35B0613D94C9113F967D5967F3BAC07B9DCF7625BC1B0D24F7B85ACA2196295A083D6BC75D65875B6D70C3D6393BF
Malicious:	false
Preview:	..; Microchip Composite Device MSD+CDC..; This driver is required only by the CDC part of a composite device. ..; The MSD part does not require any driver...;..;..; Copyright (c) 2000 Microsoft Corporation..; Copyright (C) 2007 Microchip Technology Inc.....[Version] ..Signature="$Windows NT$" ..Class=Ports..ClassGuid={4D36E978-E325-11CE-BFC1-08002BE10318} ..Provider=%MFGNAME% ..LayoutFile=layout.inf..CatalogFile=mchp_MSD_CDC.cat..DriverVer=03/12/2010,5.1.2600.2....[Manufacturer] ..%MFGNAME%=DeviceList, NTamd64....[DestinationDirs] ..DefaultDestDir=12 ......;------------------------------------------------------------------------------..; Windows 2000/XP/Vista/7-32bit Sections..;------------------------------------------------------------------------------....[DriverInstall.nt] ..include=mdmcpq.inf..CopyFiles=DriverCopyFiles.nt..AddReg=DriverInstall.nt.AddReg ....[DriverCopyFiles.nt]..usbser.sys,,,0x20....[DriverInstall.nt.AddReg] ..HKR,,DevLoader,,*ntkern ..HKR,,NTMPDriver,,%DRIVERFIL

C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_MSD_CDC.cat (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	data
Category:	dropped
Size (bytes):	6348
Entropy (8bit):	7.054306729661913
Encrypted:	false
SSDEEP:	192:9TAEOwPKDyowJL/8Qpkqs1INID+ebCfMFJ:FSwyYJLu11VbCUJ
MD5:	8BE6BB8DC016993546D42E7DE1B9B050
SHA1:	B0BCB2A49C2C94044835868516C7C74DAD3F0344
SHA-256:	52C1051AC76AFE162DA3D764BF4C44E25D6D565D070BAADF7E638A563C37B04E
SHA-512:	47FCBA277BBE3E21DB144AD54A6315750E475E7264366D7AA89EAF24BB99C72BD066EE0C7838BA4DE8780761AA2B9BF8C64D4B764C84E68BC44FFED5E6F5741C
Malicious:	false
Preview:	0.....*.H..........0......1.0...+......0.....+.....7......0...0...+.....7.....P.d-&k.H.4^.[.....100313001938Z0...+.....7.....0...0....R6.5.A.A.B.4.5.E.E.E.B.0.C.8.3.8.8.D.D.E.C.4.C.9.C.E.6.9.8.3.B.B.4.E.2.1.9.6.7.F...1..s0D..+.....7...1604...F.i.l.e......."m.c.h.p._.m.s.d._.c.d.c...i.n.f...0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........e..^..8.....i..N!..0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0d..+.....7...1V0T...O.S.A.t.t.r.......>2.:.5...0.0.,.2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.......0...0.....+.....7......0.....O.S.........2.0.0.0.,.X.P.X.8.6.,.X.P.X.6.4.,.S.e.r.v.e.r.2.0.0.3.X.8.6.,.S.e.r.v.e.r.2.0.0.3.X.6.4.,.V.i.s.t.a.X.8.6.,.V.i.s.t.a.X.6.4.,.S.e.r.v.e.r.2.0.0.8.X.8.6.,.S.e.r.v.e.r.2.0.0.8.X.6.4.,.7.X.8.6.,.7.X.6.4.,.S.e.r.v.e.r.2.0.0.8.R.2.X.6.4...0P..+.....7....B0@...H.W.I.D.2.......,u.s.b.\.v.i.d._.0.4.d.8.&.p.i.d._.0.0.0.a...0\..+.....7....N0L...H.W.I.D.1.......8u.s.b.\.v

C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_msd_cdc.inf (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	3468
Entropy (8bit):	5.026026054397683
Encrypted:	false
SSDEEP:	48:IfDVHdohChj9ISWF4h33bAcyIi03O4h33VAcyHUb6RZSi02CZ4NfFnf19T:ADN+0gSDhHFy/0xhH/yO6XSitNfB19T
MD5:	CCC987FA45B80FCD65BAB524EB913371
SHA1:	65AAB45EEEB0C8388DDEC4C9CE6983BB4E21967F
SHA-256:	F55FAFACB061FF437B7B616989027993A2F8EB7D9E641F4BC3B8FBDB75912C41
SHA-512:	E196455FB122DB0ACC249250527A343E35E35B0613D94C9113F967D5967F3BAC07B9DCF7625BC1B0D24F7B85ACA2196295A083D6BC75D65875B6D70C3D6393BF
Malicious:	false
Preview:	..; Microchip Composite Device MSD+CDC..; This driver is required only by the CDC part of a composite device. ..; The MSD part does not require any driver...;..;..; Copyright (c) 2000 Microsoft Corporation..; Copyright (C) 2007 Microchip Technology Inc.....[Version] ..Signature="$Windows NT$" ..Class=Ports..ClassGuid={4D36E978-E325-11CE-BFC1-08002BE10318} ..Provider=%MFGNAME% ..LayoutFile=layout.inf..CatalogFile=mchp_MSD_CDC.cat..DriverVer=03/12/2010,5.1.2600.2....[Manufacturer] ..%MFGNAME%=DeviceList, NTamd64....[DestinationDirs] ..DefaultDestDir=12 ......;------------------------------------------------------------------------------..; Windows 2000/XP/Vista/7-32bit Sections..;------------------------------------------------------------------------------....[DriverInstall.nt] ..include=mdmcpq.inf..CopyFiles=DriverCopyFiles.nt..AddReg=DriverInstall.nt.AddReg ....[DriverCopyFiles.nt]..usbser.sys,,,0x20....[DriverInstall.nt.AddReg] ..HKR,,DevLoader,,*ntkern ..HKR,,NTMPDriver,,%DRIVERFIL

C:\Windows\System32\catroot2\dberr.txt

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	74105
Entropy (8bit):	5.39477709363887
Encrypted:	false
SSDEEP:	1536:LysP1+AnTNKJHnkjomNvk+zUPlFx+BZKHLuCyWr5S3XmrqZUIFr5sgP/rnEdC+wx:Ld
MD5:	D4B07F417454AB66B68CD915E8E1B350
SHA1:	19EE9D8D43A13F90E211DAEEE03C4750AAF9F803
SHA-256:	6AD1A78C75DB4AFA976A108149924D5FDBF050A2B2E2B0B91271A82260B3EF55
SHA-512:	6022FD976C1FC0F6B23D27DD7C03E56E01C1344E564A7E120FA419B9F52DA2C77026C7C217DC6F810BB1C352FABD3348B37D724D9F4F69B5D8664C75D46C0F67
Malicious:	false
Preview:	CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2083 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2459 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: SyncAllDBs Corruption or Schema Change..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #891 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #1307 encountered JET error -1601..CatalogDB: 08:57:12 03/10/2023: SyncDB:: Sync sta

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.9038059369412474
TrID:	Win32 Executable (generic) a (10002005/4) 98.45% Inno Setup installer (109748/4) 1.08% Win32 EXE PECompact compressed (generic) (41571/9) 0.41% Win16/32 Executable Delphi generic (2074/23) 0.02% Generic Win/DOS Executable (2004/3) 0.02%
File name:	AX3-GUI-45.exe
File size:	6'029'717 bytes
MD5:	ae4414edd46c7769589c35beeee7d0de
SHA1:	e0885269d15b87afb2b3b8e570c7c06fc28db7eb
SHA256:	00de5f7503d19911ff05e808f91cd24b6a1ac2394048fd83e7061d531cd66b11
SHA512:	215eb60c81fb8e9fa26911fde1d6eb234627260d8cf9de69ce492ed6e5f8a44b2798acd8195c5fb5b4ec54e0ee3840e1439a55fc8e1e8f68a8681b6366291bcb
SSDEEP:	98304:ikLp6NF9h6jlYWrPEVFNXFEUUnUowrE3vh30ZsEqPfjnRSUYTVBfqYYGW:tEijlpEhVLUMrEfhEZsPjnRlYTVhYGW
TLSH:	4956123FB268613FC5AE1B3105B392509A7B7E52B81B8C2E17F0344DCF765601E3A696
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	cc97331129330e00

Static PE Info

General

Entrypoint:	0x4b5eec
Entrypoint Section:	.itext
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6258476F [Thu Apr 14 16:10:23 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	e569e6f445d32ba23766ad67d1e3787f

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFA4h
push ebx
push esi
push edi
xor eax, eax
mov dword ptr [ebp-3Ch], eax
mov dword ptr [ebp-40h], eax
mov dword ptr [ebp-5Ch], eax
mov dword ptr [ebp-30h], eax
mov dword ptr [ebp-38h], eax
mov dword ptr [ebp-34h], eax
mov dword ptr [ebp-2Ch], eax
mov dword ptr [ebp-28h], eax
mov dword ptr [ebp-14h], eax
mov eax, 004B14B8h
call 00007F4524BA54E5h
xor eax, eax
push ebp
push 004B65E2h
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
xor edx, edx
push ebp
push 004B659Eh
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
mov eax, dword ptr [004BE634h]
call 00007F4524C47FD7h
call 00007F4524C47B2Ah
lea edx, dword ptr [ebp-14h]
xor eax, eax
call 00007F4524BBAF84h
mov edx, dword ptr [ebp-14h]
mov eax, 004C1D84h
call 00007F4524BA00D7h
push 00000002h
push 00000000h
push 00000001h
mov ecx, dword ptr [004C1D84h]
mov dl, 01h
mov eax, dword ptr [004238ECh]
call 00007F4524BBC107h
mov dword ptr [004C1D88h], eax
xor edx, edx
push ebp
push 004B654Ah
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
call 00007F4524C4805Fh
mov dword ptr [004C1D90h], eax
mov eax, dword ptr [004C1D90h]
cmp dword ptr [eax+0Ch], 01h
jne 00007F4524C4E27Ah
mov eax, dword ptr [004C1D90h]
mov edx, 00000028h
call 00007F4524BBC9FCh
mov edx, dword ptr [004C1D90h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xc4000	0x9a	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc2000	0xfdc	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc7000	0x1a0ac	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc6000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xc22f4	0x254	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0xc3000	0x1a4	.didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xb39e4	0xb3a00	43af0a9476ca224d8e8461f1e22c94da	False	0.34525867693110646	data	6.357635049994181	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0xb5000	0x1688	0x1800	185e04b9a1f554e31f7f848515dc890c	False	0.54443359375	data	5.971425428435973	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0xb7000	0x37a4	0x3800	cab2107c933b696aa5cf0cc6c3fd3980	False	0.36097935267857145	data	5.048648594372454	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0xbb000	0x6de8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0xc2000	0xfdc	0x1000	e7d1635e2624b124cfdce6c360ac21cd	False	0.3798828125	data	5.029087481102678	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata	0xc3000	0x1a4	0x200	8ced971d8a7705c98b173e255d8c9aa7	False	0.345703125	data	2.7509822285969876	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0xc4000	0x9a	0x200	8d4e1e508031afe235bf121c80fd7d5f	False	0.2578125	data	1.877162954504408	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls	0xc5000	0x18	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0xc6000	0x5d	0x200	8f2f090acd9622c88a6a852e72f94e96	False	0.189453125	data	1.3838943752217987	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xc7000	0x1a0ac	0x1a200	5874f8d3cdfe29832b62cc8daacb1b4e	False	0.19075209330143542	data	3.210472332173836	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xc7558	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.476985559566787
RT_ICON	0xc7e00	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.296908315565032
RT_ICON	0xc8ca8	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384	English	United States	0.19508738781294285
RT_ICON	0xcced0	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536	English	United States	0.1331923577428132
RT_ICON	0xdd6f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	United States	0.46283783783783783
RT_ICON	0xdd820	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.4046242774566474
RT_ICON	0xddd88	0x368	Device independent bitmap graphic, 16 x 32 x 24, image size 768	English	United States	0.5665137614678899
RT_STRING	0xde0f0	0x360	data			0.34375
RT_STRING	0xde450	0x260	data			0.3256578947368421
RT_STRING	0xde6b0	0x45c	data			0.4068100358422939
RT_STRING	0xdeb0c	0x40c	data			0.3754826254826255
RT_STRING	0xdef18	0x2d4	data			0.39226519337016574
RT_STRING	0xdf1ec	0xb8	data			0.6467391304347826
RT_STRING	0xdf2a4	0x9c	data			0.6410256410256411
RT_STRING	0xdf340	0x374	data			0.4230769230769231
RT_STRING	0xdf6b4	0x398	data			0.3358695652173913
RT_STRING	0xdfa4c	0x368	data			0.3795871559633027
RT_STRING	0xdfdb4	0x2a4	data			0.4275147928994083
RT_RCDATA	0xe0058	0x10	data			1.5
RT_RCDATA	0xe0068	0x2c4	data			0.6384180790960452
RT_RCDATA	0xe032c	0x2c	data			1.2045454545454546
RT_GROUP_ICON	0xe0358	0x68	data	English	United States	0.7596153846153846
RT_VERSION	0xe03c0	0x584	data	English	United States	0.25920679886685555
RT_MANIFEST	0xe0944	0x765	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.39091389329107235

Imports

DLL	Import
kernel32.dll	GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetSystemWindowsDirectoryW, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll	InitCommonControls
version.dll	GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
user32.dll	CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll	SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
netapi32.dll	NetWkstaGetInfo, NetApiBufferFree
advapi32.dll	ConvertStringSecurityDescriptorToSecurityDescriptorW, RegQueryValueExW, AdjustTokenPrivileges, GetTokenInformation, ConvertSidToStringSidW, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW

Exports

Name	Ordinal	Address
TMethodImplementationIntercept	3	0x4541a8
__dbk_fcall_wrapper	2	0x40d0a0
dbkFCallWrapperAddr	1	0x4be63c

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 19, 2024 16:48:30.601737976 CEST	64145	443	192.168.2.18	185.199.109.133
Sep 19, 2024 16:48:30.601799011 CEST	443	64145	185.199.109.133	192.168.2.18
Sep 19, 2024 16:48:30.601933956 CEST	64145	443	192.168.2.18	185.199.109.133
Sep 19, 2024 16:48:30.677371025 CEST	64145	443	192.168.2.18	185.199.109.133
Sep 19, 2024 16:48:30.677405119 CEST	443	64145	185.199.109.133	192.168.2.18
Sep 19, 2024 16:48:31.145349026 CEST	443	64145	185.199.109.133	192.168.2.18
Sep 19, 2024 16:48:31.145579100 CEST	64145	443	192.168.2.18	185.199.109.133
Sep 19, 2024 16:48:31.163374901 CEST	64145	443	192.168.2.18	185.199.109.133
Sep 19, 2024 16:48:31.163398981 CEST	443	64145	185.199.109.133	192.168.2.18
Sep 19, 2024 16:48:31.163810015 CEST	443	64145	185.199.109.133	192.168.2.18
Sep 19, 2024 16:48:31.207542896 CEST	64145	443	192.168.2.18	185.199.109.133
Sep 19, 2024 16:48:31.216298103 CEST	64145	443	192.168.2.18	185.199.109.133
Sep 19, 2024 16:48:31.259427071 CEST	443	64145	185.199.109.133	192.168.2.18
Sep 19, 2024 16:48:31.383025885 CEST	443	64145	185.199.109.133	192.168.2.18
Sep 19, 2024 16:48:31.383137941 CEST	443	64145	185.199.109.133	192.168.2.18
Sep 19, 2024 16:48:31.383177042 CEST	64145	443	192.168.2.18	185.199.109.133
Sep 19, 2024 16:48:31.408678055 CEST	64145	443	192.168.2.18	185.199.109.133
Sep 19, 2024 16:49:25.402849913 CEST	64151	443	192.168.2.18	185.199.109.133
Sep 19, 2024 16:49:25.402875900 CEST	443	64151	185.199.109.133	192.168.2.18
Sep 19, 2024 16:49:25.402981997 CEST	64151	443	192.168.2.18	185.199.109.133
Sep 19, 2024 16:49:25.421077967 CEST	64151	443	192.168.2.18	185.199.109.133
Sep 19, 2024 16:49:25.421101093 CEST	443	64151	185.199.109.133	192.168.2.18
Sep 19, 2024 16:49:25.892095089 CEST	443	64151	185.199.109.133	192.168.2.18
Sep 19, 2024 16:49:25.892230034 CEST	64151	443	192.168.2.18	185.199.109.133
Sep 19, 2024 16:49:25.897540092 CEST	64151	443	192.168.2.18	185.199.109.133
Sep 19, 2024 16:49:25.897552967 CEST	443	64151	185.199.109.133	192.168.2.18
Sep 19, 2024 16:49:25.897830009 CEST	443	64151	185.199.109.133	192.168.2.18
Sep 19, 2024 16:49:25.946121931 CEST	64151	443	192.168.2.18	185.199.109.133
Sep 19, 2024 16:49:25.987430096 CEST	443	64151	185.199.109.133	192.168.2.18
Sep 19, 2024 16:49:26.138627052 CEST	443	64151	185.199.109.133	192.168.2.18
Sep 19, 2024 16:49:26.138905048 CEST	443	64151	185.199.109.133	192.168.2.18
Sep 19, 2024 16:49:26.139066935 CEST	64151	443	192.168.2.18	185.199.109.133
Sep 19, 2024 16:49:26.139687061 CEST	64151	443	192.168.2.18	185.199.109.133

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 19, 2024 16:48:30.575720072 CEST	50875	53	192.168.2.18	1.1.1.1
Sep 19, 2024 16:48:30.583204031 CEST	53	50875	1.1.1.1	192.168.2.18

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 19, 2024 16:48:30.575720072 CEST	192.168.2.18	1.1.1.1	0x23ac	Standard query (0)	raw.githubusercontent.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Sep 19, 2024 16:48:30.583204031 CEST	1.1.1.1	192.168.2.18	0x23ac	No error (0)	raw.githubusercontent.com	185.199.109.133	A (IP address)	IN (0x0001)	false
Sep 19, 2024 16:48:30.583204031 CEST	1.1.1.1	192.168.2.18	0x23ac	No error (0)	raw.githubusercontent.com	185.199.108.133	A (IP address)	IN (0x0001)	false
Sep 19, 2024 16:48:30.583204031 CEST	1.1.1.1	192.168.2.18	0x23ac	No error (0)	raw.githubusercontent.com	185.199.111.133	A (IP address)	IN (0x0001)	false
Sep 19, 2024 16:48:30.583204031 CEST	1.1.1.1	192.168.2.18	0x23ac	No error (0)	raw.githubusercontent.com	185.199.110.133	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

raw.githubusercontent.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.18	64145	185.199.109.133	443	1976	C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-19 14:48:31 UTC	137	OUT	GET /digitalinteraction/openmovement/master/Downloads/AX3/omgui.ini HTTP/1.1 Host: raw.githubusercontent.com Connection: Keep-Alive
2024-09-19 14:48:31 UTC	899	IN	HTTP/1.1 200 OK Connection: close Content-Length: 533 Cache-Control: max-age=300 Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox Content-Type: text/plain; charset=utf-8 ETag: "8f51619e3b2b10325b8bc736cd1b8a2c9f35bd2561ddf38a0142af3742c99742" Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Frame-Options: deny X-XSS-Protection: 1; mode=block X-GitHub-Request-Id: D7B8:97344:FB1DE9:1148D54:66EC39BC Accept-Ranges: bytes Date: Thu, 19 Sep 2024 14:48:31 GMT Via: 1.1 varnish X-Served-By: cache-nyc-kteb1890065-NYC X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1726757311.266618,VS0,VE71 Vary: Authorization,Accept-Encoding,Origin Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin X-Fastly-Request-ID: ff487c5bc2aa1a875ba4219ae88b74a4f65a160d Expires: Thu, 19 Sep 2024 14:53:31 GMT Source-Age: 0
2024-09-19 14:48:31 UTC	533	IN	Data Raw: 3b 55 50 44 41 54 45 0d 0a 3b 20 68 74 74 70 73 3a 2f 2f 6f 70 65 6e 6d 6f 76 65 6d 65 6e 74 2e 67 6f 6f 67 6c 65 63 6f 64 65 2e 63 6f 6d 2f 73 76 6e 2f 64 6f 77 6e 6c 6f 61 64 73 2f 41 58 33 2f 6f 6d 67 75 69 2e 69 6e 69 0d 0a 3b 20 68 74 74 70 73 3a 2f 2f 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 69 67 69 74 61 6c 69 6e 74 65 72 61 63 74 69 6f 6e 2f 6f 70 65 6e 6d 6f 76 65 6d 65 6e 74 2f 6d 61 73 74 65 72 2f 44 6f 77 6e 6c 6f 61 64 73 2f 41 58 33 2f 6f 6d 67 75 69 2e 69 6e 69 0d 0a 0d 0a 5b 69 6e 73 74 61 6c 6c 5d 0d 0a 76 65 72 73 69 6f 6e 3d 31 2e 30 2e 30 2e 32 38 0d 0a 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 69 67 69 74 61 6c 69 6e Data Ascii: ;UPDATE; https://openmovement.googlecode.com/svn/downloads/AX3/omgui.ini; https://raw.githubusercontent.com/digitalinteraction/openmovement/master/Downloads/AX3/omgui.ini[install]version=1.0.0.28;url=https://raw.githubusercontent.com/digitalin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.18	64151	185.199.109.133	443	2988	C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-19 14:49:25 UTC	137	OUT	GET /digitalinteraction/openmovement/master/Downloads/AX3/omgui.ini HTTP/1.1 Host: raw.githubusercontent.com Connection: Keep-Alive
2024-09-19 14:49:26 UTC	898	IN	HTTP/1.1 200 OK Connection: close Content-Length: 533 Cache-Control: max-age=300 Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox Content-Type: text/plain; charset=utf-8 ETag: "8f51619e3b2b10325b8bc736cd1b8a2c9f35bd2561ddf38a0142af3742c99742" Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Frame-Options: deny X-XSS-Protection: 1; mode=block X-GitHub-Request-Id: 7FE1:65FBB:4FE50F:57B647:66EC39F5 Accept-Ranges: bytes Date: Thu, 19 Sep 2024 14:49:26 GMT Via: 1.1 varnish X-Served-By: cache-ewr-kewr1740069-EWR X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1726757366.996023,VS0,VE97 Vary: Authorization,Accept-Encoding,Origin Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin X-Fastly-Request-ID: ecfaf501bc1b486aaf6b6233ac21870bb45f3f66 Expires: Thu, 19 Sep 2024 14:54:26 GMT Source-Age: 0
2024-09-19 14:49:26 UTC	533	IN	Data Raw: 3b 55 50 44 41 54 45 0d 0a 3b 20 68 74 74 70 73 3a 2f 2f 6f 70 65 6e 6d 6f 76 65 6d 65 6e 74 2e 67 6f 6f 67 6c 65 63 6f 64 65 2e 63 6f 6d 2f 73 76 6e 2f 64 6f 77 6e 6c 6f 61 64 73 2f 41 58 33 2f 6f 6d 67 75 69 2e 69 6e 69 0d 0a 3b 20 68 74 74 70 73 3a 2f 2f 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 69 67 69 74 61 6c 69 6e 74 65 72 61 63 74 69 6f 6e 2f 6f 70 65 6e 6d 6f 76 65 6d 65 6e 74 2f 6d 61 73 74 65 72 2f 44 6f 77 6e 6c 6f 61 64 73 2f 41 58 33 2f 6f 6d 67 75 69 2e 69 6e 69 0d 0a 0d 0a 5b 69 6e 73 74 61 6c 6c 5d 0d 0a 76 65 72 73 69 6f 6e 3d 31 2e 30 2e 30 2e 32 38 0d 0a 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 69 67 69 74 61 6c 69 6e Data Ascii: ;UPDATE; https://openmovement.googlecode.com/svn/downloads/AX3/omgui.ini; https://raw.githubusercontent.com/digitalinteraction/openmovement/master/Downloads/AX3/omgui.ini[install]version=1.0.0.28;url=https://raw.githubusercontent.com/digitalin

Target ID:	0
Start time:	10:47:35
Start date:	19/09/2024
Path:	C:\Users\user\Desktop\AX3-GUI-45.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\AX3-GUI-45.exe"
Imagebase:	0x400000
File size:	6'029'717 bytes
MD5 hash:	AE4414EDD46C7769589C35BEEEE7D0DE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	10:47:35
Start date:	19/09/2024
Path:	C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-GR4R3.tmp\AX3-GUI-45.tmp" /SL5="$3031E,5170833,869888,C:\Users\user\Desktop\AX3-GUI-45.exe"
Imagebase:	0x400000
File size:	3'203'072 bytes
MD5 hash:	48C6508A6FD96E62F8796701A0200C8F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	10:47:55
Start date:	19/09/2024
Path:	C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe"
Imagebase:	0x400000
File size:	930'090 bytes
MD5 hash:	0ABD9CF2D191036D778F6F1FBE25FAE1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	10:47:55
Start date:	19/09/2024
Path:	C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-VNBCP.tmp\setup-ax3-driver.tmp" /SL5="$303AC,681477,54272,C:\Program Files (x86)\Open Movement\OM GUI\setup-ax3-driver.exe"
Imagebase:	0x400000
File size:	704'512 bytes
MD5 hash:	67C5A4F36E1C91A3B85E440EDD7AD026
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 4%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	10:47:59
Start date:	19/09/2024
Path:	C:\Program Files\AX3-Driver\dpinst64.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\AX3-Driver\DPInst64.exe" /F /SA /SE /SW
Imagebase:	0x7ff7c4d70000
File size:	1'050'104 bytes
MD5 hash:	BE3C79033FA8302002D9D3A6752F2263
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	10:48:01
Start date:	19/09/2024
Path:	C:\Windows\System32\drvinst.exe
Wow64 process (32bit):	false
Commandline:	DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{97b4af8b-f908-ec4d-ae1d-f2d0fe90d613}\mchp_msd_cdc.inf" "9" "4987fa53f" "0000000000000158" "WinSta0\Default" "0000000000000168" "208" "c:\program files\ax3-driver"
Imagebase:	0x7ff6239f0000
File size:	337'920 bytes
MD5 hash:	294990C88B9D1FE0A54A1FA8BF4324D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	10:48:05
Start date:	19/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{7c625ec4-61d9-164e-840d-2046461dc20b} Global\{b92b5db1-df95-844c-847a-8711f98cae99} C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_msd_cdc.inf C:\Windows\System32\DriverStore\Temp\{c7591366-1cad-a840-8d6b-85fa1f42fd17}\mchp_MSD_CDC.cat
Imagebase:	0x7ff684240000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	10:48:20
Start date:	19/09/2024
Path:	C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe"
Imagebase:	0x320000
File size:	1'641'984 bytes
MD5 hash:	12FEEE099449453BA386F8FBA6C72090
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	10:48:28
Start date:	19/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ynurxton.cmdline"
Imagebase:	0x400000
File size:	80'296 bytes
MD5 hash:	2B9482EB5D3AF71029277E18F6C656C0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	10:48:29
Start date:	19/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7c1080000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	10:48:29
Start date:	19/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB0D8.tmp" "c:\Users\user\AppData\Local\Temp\CSCB0D7.tmp"
Imagebase:	0x400000
File size:	35'296 bytes
MD5 hash:	E118330B4629B12368D91B9DF6488BE0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	10:49:23
Start date:	19/09/2024
Path:	C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe"
Imagebase:	0x630000
File size:	1'641'984 bytes
MD5 hash:	12FEEE099449453BA386F8FBA6C72090
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	10:49:24
Start date:	19/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\18uiblpb.cmdline"
Imagebase:	0x400000
File size:	80'296 bytes
MD5 hash:	2B9482EB5D3AF71029277E18F6C656C0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	10:49:24
Start date:	19/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7c1080000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	10:49:24
Start date:	19/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8733.tmp" "c:\Users\user\AppData\Local\Temp\CSC8732.tmp"
Imagebase:	0x400000
File size:	35'296 bytes
MD5 hash:	E118330B4629B12368D91B9DF6488BE0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 0229360F Relevance: 4.6, Instructions: 4586COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000003.1815308152.0000000002280000.00000004.00001000.00020000.00000000.sdmp, Offset: 02280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_3_2280000_setup-ax3-driver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0636eba2635016f59d5bec733d7c0edb3189b6da1970a2fc3795a08173465bc
Instruction ID: 58ee5312253f7de3ed8653ffb94a699e35cd992ec45d27195f6b5a228d2b2050
Opcode Fuzzy Hash: e0636eba2635016f59d5bec733d7c0edb3189b6da1970a2fc3795a08173465bc
Instruction Fuzzy Hash: 1B82EAA205E7C25FD7074BB18C6A6A1BFB4AE1321470E46DBC4C0CF4E3E259499AC767

Analysis Process: OmGui.exePID: 1976, Parent PID: 1140COMMON

Execution Graph

Execution Coverage:	15.8%
Dynamic/Decrypted Code Coverage:	35.1%
Signature Coverage:	15.5%
Total number of Nodes:	561
Total number of Limit Nodes:	31

Executed Functions

Function 04DE18FB Relevance: 73.8, Strings: 53, Instructions: 7566
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Tqk, xrefs: 04DE5265
Tqk, xrefs: 04DE4E2A
Tqk, xrefs: 04DE4589
k, xrefs: 04DE94E1
Tqk, xrefs: 04DE7EA1
Tqk, xrefs: 04DE2C0D
Tqk, xrefs: 04DE793D
Tjak, xrefs: 04DE9373
Tqk, xrefs: 04DE73D2
Tqk, xrefs: 04DE6D8F
Tqk, xrefs: 04DE3665
Tqk, xrefs: 04DE4C6A
Tqk, xrefs: 04DE5344
Tqk, xrefs: 04DE890C
Tqk, xrefs: 04DE4EE6
Tqk, xrefs: 04DE6F39
2Urj, xrefs: 04DE8BF2
Tqk, xrefs: 04DE62F1
Tqk, xrefs: 04DE42F3
2Urj, xrefs: 04DE7256
Tqk, xrefs: 04DE820B
Tqk, xrefs: 04DE448B
Tqk, xrefs: 04DE8615
Tqk, xrefs: 04DE3A2E
Tqk, xrefs: 04DE7C79
Tqk, xrefs: 04DE4FA2
Tqk, xrefs: 04DE505E
Tqk, xrefs: 04DE6C68
2Urj, xrefs: 04DE87A3
Tqk, xrefs: 04DE8739
Tqk, xrefs: 04DE4099
Tqk, xrefs: 04DE80D5
Tqk, xrefs: 04DE55DA
Tqk, xrefs: 04DE66F3
Tqk, xrefs: 04DE7B65
Tqk, xrefs: 04DE3B55
Tjak, xrefs: 04DE2D49
Tqk, xrefs: 04DE54DC
Tqk, xrefs: 04DE5410
Tqk, xrefs: 04DE6B2E
Tqk, xrefs: 04DE8DAC
Tqk, xrefs: 04DE7FA2
Tqk, xrefs: 04DE378C
Tqk, xrefs: 04DE7A51
Tqk, xrefs: 04DE5869
Tqk, xrefs: 04DE9511
Tqk, xrefs: 04DE7D8D
Tqk, xrefs: 04DE4D4A
Tqk, xrefs: 04DE38B3
Tqk, xrefs: 04DE570D
Tqk, xrefs: 04DE43BF
Tqk, xrefs: 04DE3CBD
Tqk, xrefs: 04DE4A86

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID: k$2Urj$2Urj$2Urj$Tjak$Tjak$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk
API String ID: 0-3978921179
Opcode ID: d757dac55e349cf926c065366e1e676b2404ca9bb2a253f832b407123496b171
Instruction ID: e7bb3f01a9fada3154ee4edf97ae79d7fa89e35d9fbc13ec1377a5bdd27dc046
Opcode Fuzzy Hash: d757dac55e349cf926c065366e1e676b2404ca9bb2a253f832b407123496b171
Instruction Fuzzy Hash: 58F34A346017048FDB65DB34C858B9AB7B2FF89308F5188A9D45AAB761CF32AD85CF41

Function 04DE1900 Relevance: 73.8, Strings: 53, Instructions: 7566
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Tqk, xrefs: 04DE5265
Tqk, xrefs: 04DE4E2A
Tqk, xrefs: 04DE4589
k, xrefs: 04DE94E1
Tqk, xrefs: 04DE7EA1
Tqk, xrefs: 04DE2C0D
Tqk, xrefs: 04DE793D
Tjak, xrefs: 04DE9373
Tqk, xrefs: 04DE73D2
Tqk, xrefs: 04DE6D8F
Tqk, xrefs: 04DE3665
Tqk, xrefs: 04DE4C6A
Tqk, xrefs: 04DE5344
Tqk, xrefs: 04DE890C
Tqk, xrefs: 04DE4EE6
Tqk, xrefs: 04DE6F39
2Urj, xrefs: 04DE8BF2
Tqk, xrefs: 04DE62F1
Tqk, xrefs: 04DE42F3
2Urj, xrefs: 04DE7256
Tqk, xrefs: 04DE820B
Tqk, xrefs: 04DE448B
Tqk, xrefs: 04DE8615
Tqk, xrefs: 04DE3A2E
Tqk, xrefs: 04DE7C79
Tqk, xrefs: 04DE4FA2
Tqk, xrefs: 04DE505E
Tqk, xrefs: 04DE6C68
2Urj, xrefs: 04DE87A3
Tqk, xrefs: 04DE8739
Tqk, xrefs: 04DE4099
Tqk, xrefs: 04DE80D5
Tqk, xrefs: 04DE55DA
Tqk, xrefs: 04DE66F3
Tqk, xrefs: 04DE7B65
Tqk, xrefs: 04DE3B55
Tjak, xrefs: 04DE2D49
Tqk, xrefs: 04DE54DC
Tqk, xrefs: 04DE5410
Tqk, xrefs: 04DE6B2E
Tqk, xrefs: 04DE8DAC
Tqk, xrefs: 04DE7FA2
Tqk, xrefs: 04DE378C
Tqk, xrefs: 04DE7A51
Tqk, xrefs: 04DE5869
Tqk, xrefs: 04DE9511
Tqk, xrefs: 04DE7D8D
Tqk, xrefs: 04DE4D4A
Tqk, xrefs: 04DE38B3
Tqk, xrefs: 04DE570D
Tqk, xrefs: 04DE43BF
Tqk, xrefs: 04DE3CBD
Tqk, xrefs: 04DE4A86

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID: k$2Urj$2Urj$2Urj$Tjak$Tjak$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk
API String ID: 0-3978921179
Opcode ID: 1d13d4a8ab2f905536f9779891a8154e5213732a31dafe19e496c97d83af5abc
Instruction ID: bf3800ce132cf004fb7e3b93d065784b3a9b79efb33993602ffb40b7957a4e44
Opcode Fuzzy Hash: 1d13d4a8ab2f905536f9779891a8154e5213732a31dafe19e496c97d83af5abc
Instruction Fuzzy Hash: 3FF34A346017048FDB65DB34C858B9AB7B2FF89308F5188A9D45AAB761CF32AD85CF41

Function 04DEA320 Relevance: 51.0, Strings: 39, Instructions: 2265
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:, xrefs: 04DEBF0E
1, xrefs: 04DEB7F7
Tqk, xrefs: 04DEB9B4
Tqk, xrefs: 04DEC24B
Tqk, xrefs: 04DEBDEF
Tqk, xrefs: 04DEBF72
7, xrefs: 04DEB39B
Tqk, xrefs: 04DEAAA3
Tqk, xrefs: 04DEC173
Tqk, xrefs: 04DEC704
V, xrefs: 04DEB762
:, xrefs: 04DEC6A0
Tqk, xrefs: 04DEB3FC
Tqk, xrefs: 04DEB6FC
8, xrefs: 04DEB953
7, xrefs: 04DEB51B
8, xrefs: 04DEBAAF
7, xrefs: 04DEBC0B
1, xrefs: 04DEBD8B
7, xrefs: 04DEB21B
), xrefs: 04DEADBE
P, xrefs: 04DEA72E
,, xrefs: 04DEB69B
L, xrefs: 04DEB0F7
Tqk, xrefs: 04DEC13D
Tqk, xrefs: 04DEB27C
Tqk, xrefs: 04DEC581
Tqk, xrefs: 04DEBC6C
Tqk, xrefs: 04DEA978
L, xrefs: 04DEA843
Tqk, xrefs: 04DEC1DF
k, xrefs: 04DEB8BE
Tqk, xrefs: 04DEBB10
A, xrefs: 04DEB606
:, xrefs: 04DEC51D
Tqk, xrefs: 04DEBFBA
Tqk, xrefs: 04DEB858
Tqk, xrefs: 04DEB57C
,, xrefs: 04DEB486

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID: )$,$,$1$1$7$7$7$7$8$8$:$:$:$A$L$L$P$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$V$k
API String ID: 0-3056293081
Opcode ID: 418a66c46870c970ba5b0557d64c93a588dd80daa723238696f739697be435f2
Instruction ID: 94944177488d89d28ed1819fc511e786e661a08a60696dd24ef7d29b725a43f5
Opcode Fuzzy Hash: 418a66c46870c970ba5b0557d64c93a588dd80daa723238696f739697be435f2
Instruction Fuzzy Hash: B9331674600614CFDB69DB34C858BE9B7F2AF89304F5188A8D14AAB761CF36AD85CF41

Function 04DEA310 Relevance: 51.0, Strings: 39, Instructions: 2263
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:, xrefs: 04DEBF0E
1, xrefs: 04DEB7F7
Tqk, xrefs: 04DEB9B4
Tqk, xrefs: 04DEC24B
Tqk, xrefs: 04DEBDEF
Tqk, xrefs: 04DEBF72
7, xrefs: 04DEB39B
Tqk, xrefs: 04DEAAA3
Tqk, xrefs: 04DEC173
Tqk, xrefs: 04DEC704
V, xrefs: 04DEB762
:, xrefs: 04DEC6A0
Tqk, xrefs: 04DEB3FC
Tqk, xrefs: 04DEB6FC
8, xrefs: 04DEB953
7, xrefs: 04DEB51B
8, xrefs: 04DEBAAF
7, xrefs: 04DEBC0B
1, xrefs: 04DEBD8B
7, xrefs: 04DEB21B
), xrefs: 04DEADBE
P, xrefs: 04DEA72E
,, xrefs: 04DEB69B
L, xrefs: 04DEB0F7
Tqk, xrefs: 04DEC13D
Tqk, xrefs: 04DEB27C
Tqk, xrefs: 04DEC581
Tqk, xrefs: 04DEBC6C
Tqk, xrefs: 04DEA978
L, xrefs: 04DEA843
Tqk, xrefs: 04DEC1DF
k, xrefs: 04DEB8BE
Tqk, xrefs: 04DEBB10
A, xrefs: 04DEB606
:, xrefs: 04DEC51D
Tqk, xrefs: 04DEBFBA
Tqk, xrefs: 04DEB858
Tqk, xrefs: 04DEB57C
,, xrefs: 04DEB486

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID: )$,$,$1$1$7$7$7$7$8$8$:$:$:$A$L$L$P$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$Tqk$V$k
API String ID: 0-3056293081
Opcode ID: 566a4a17b06aed4d3440de03fa22279bca9789837e7bf386004440c4d7aaa422
Instruction ID: 1526d7e49555e8490a03030144b1db74a4c38dd6614c21f2d8369772d98be29a
Opcode Fuzzy Hash: 566a4a17b06aed4d3440de03fa22279bca9789837e7bf386004440c4d7aaa422
Instruction Fuzzy Hash: 09331674600604CFDB69DB34C858BE9B7F2AF89304F5188A8D14AAB761CF36AD85CF41

Function 6D762440 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 322
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

DeviceID, xrefs: 6D7626CF
`lv, xrefs: 6D762555
SELECT PNPDeviceID, DeviceID FROM Win32_DiskDrive WHERE InterfaceType='USB', xrefs: 6D7624EF
PNPDeviceID, xrefs: 6D762671
[USBSTOR->DEVICEID->DEVICENUMBER] %s -> %s -> %u, xrefs: 6D76279E
WQL, xrefs: 6D762501

Memory Dump Source

Source File: 00000011.00000002.2435157313.000000006D761000.00000020.00000001.01000000.00000015.sdmp, Offset: 6D760000, based on PE: true

Associated: 00000011.00000002.2435117943.000000006D760000.00000002.00000001.01000000.00000015.sdmpDownload File
Associated: 00000011.00000002.2435380627.000000006D787000.00000002.00000001.01000000.00000015.sdmpDownload File
Associated: 00000011.00000002.2435460926.000000006D791000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000011.00000002.2435495634.000000006D793000.00000002.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6d760000_OmGui.jbxd

Similarity

API ID: Initialize
String ID: DeviceID$PNPDeviceID$SELECT PNPDeviceID, DeviceID FROM Win32_DiskDrive WHERE InterfaceType='USB'$WQL$[USBSTOR->DEVICEID->DEVICENUMBER] %s -> %s -> %u$`lv
API String ID: 2538663250-369047588
Opcode ID: 0885bb218b52ebda763ae5bbeaed06689798ec5828147b42989099f3ac248585
Instruction ID: 060378fb7a3f949c6b53094d25256101d0ab31b35d530c5b921d0c8bede84834
Opcode Fuzzy Hash: 0885bb218b52ebda763ae5bbeaed06689798ec5828147b42989099f3ac248585
Instruction Fuzzy Hash: 96C17271A01259AFDB20DF54CD88BD9B779EF48724F2041E9EA09A72C1E7706E84CF61

Function 6D763C20 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 303
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowLongW.USER32(?,000000EB,00000008), ref: 6D763EAF
GetWindowLongW.USER32(?,000000EB), ref: 6D763EBA
DefWindowProcW.USER32(?,?,?,?,?,00000008,00000000), ref: 6D763ECF
PostQuitMessage.USER32(?), ref: 6D763F08
RegisterDeviceNotificationW.USER32 ref: 6D763F47
MessageBoxA.USER32(00000000,Error registering device finder device interface,Error,00000000), ref: 6D763F68
UnregisterDeviceNotification.USER32(?), ref: 6D763F78
KiUserCallbackDispatcher.NTDLL(?,?,00000008,00000000), ref: 6D763F7F
DefWindowProcW.USER32(?,?,?,?,?,00000008,00000000), ref: 6D763FA0

Strings

, xrefs: 6D763F32
Error, xrefs: 6D763F5D
Error registering device finder device interface, xrefs: 6D763F62

Memory Dump Source

Source File: 00000011.00000002.2435157313.000000006D761000.00000020.00000001.01000000.00000015.sdmp, Offset: 6D760000, based on PE: true

Associated: 00000011.00000002.2435117943.000000006D760000.00000002.00000001.01000000.00000015.sdmpDownload File
Associated: 00000011.00000002.2435380627.000000006D787000.00000002.00000001.01000000.00000015.sdmpDownload File
Associated: 00000011.00000002.2435460926.000000006D791000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000011.00000002.2435495634.000000006D793000.00000002.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6d760000_OmGui.jbxd

Similarity

API ID: Window$DeviceLongMessageNotificationProc$CallbackDispatcherPostQuitRegisterUnregisterUser
String ID: $Error$Error registering device finder device interface
API String ID: 3722141207-1522381284
Opcode ID: d3130800ab06ca1f4fb9e97eca876594a96f0808a1452362af086048b94758f4
Instruction ID: 6a8a809ef7f08e5bfd7f66d5fcd5125c1cd3946845068975f0b5c1b64a6aad5d
Opcode Fuzzy Hash: d3130800ab06ca1f4fb9e97eca876594a96f0808a1452362af086048b94758f4
Instruction Fuzzy Hash: 3BA107716047805BE3188B38CE4876AB6B5AF45325F184A2DF996C7AD1E375E480CB73

Function 07921D80 Relevance: 2.4, Strings: 1, Instructions: 1103COMMON

Download Yara Rule

Strings

d, xrefs: 07922398

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 87c5cb191412e9cf60299616a278e80ce38ff8d1e4417504bedbcf50582b47f4
Instruction ID: 83f6e68de7a16da5d748f5b4b0bb1ac73c2e3601a9f65bf17e2f5fac23abe73d
Opcode Fuzzy Hash: 87c5cb191412e9cf60299616a278e80ce38ff8d1e4417504bedbcf50582b47f4
Instruction Fuzzy Hash: ACB20874A002259FDB24DF24C994BD9BBF2FF49304F1181A9E909AB355DB71AE85CF40

Function 07F345C8 Relevance: 2.0, Strings: 1, Instructions: 759COMMON

Download Yara Rule

Strings

h^k, xrefs: 07F3464F

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID: h^k
API String ID: 0-424926552
Opcode ID: 57e8772c5e7f209670c1f5ffb4a8cba69a9cd894e3363578e933727cab618161
Instruction ID: fc771dba8b0741bec6fcd3a396a3ad6333513b1674e9b1cfa677166552c0fb8d
Opcode Fuzzy Hash: 57e8772c5e7f209670c1f5ffb4a8cba69a9cd894e3363578e933727cab618161
Instruction Fuzzy Hash: C1626CB4B002158FDB14DB34C995BAEB7F6BF88308F2580A9D40ADB794DB75AC45CB81

Function 07F345C3 Relevance: 1.7, Strings: 1, Instructions: 446COMMON

Download Yara Rule

Strings

h^k, xrefs: 07F3464F

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID: h^k
API String ID: 0-424926552
Opcode ID: ef813a5addba371ba6b045bdfa12aa11f37e8058d3f7ce7aa3a6a75e4aa65bc7
Instruction ID: c8c8ec011decc4797fe7c1554b3d9fb42e772f6865e0ee23d8d735e40d4cb109
Opcode Fuzzy Hash: ef813a5addba371ba6b045bdfa12aa11f37e8058d3f7ce7aa3a6a75e4aa65bc7
Instruction Fuzzy Hash: D3028BB4B002158FDB14DF38C995BAEB7E6BF88304F1580A9D40A9B394DB75AC45CF91

Function 064169B7 Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 06416A37

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: d51c246b83410fcacec52dd4960bc27a050102f972cb26cbb5ba9fb896080bf2
Instruction ID: 2478ccfff6765376ed5b22bd19fdc0854bea3804128e37f251db77275b3c809e
Opcode Fuzzy Hash: d51c246b83410fcacec52dd4960bc27a050102f972cb26cbb5ba9fb896080bf2
Instruction Fuzzy Hash: DB218D765097809FDB228F25DC44A52BFB4EF06310F09849AE9858F663D271E908CB62

Function 064169EE Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 06416A37

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 479ff807307fef451e47872b40f32667f107c11b306707f062c708e7dbda14ba
Instruction ID: 155f77f6c3bd3cca7cfb9a2126c1f672570cae7786439dd2ce5648eae317089c
Opcode Fuzzy Hash: 479ff807307fef451e47872b40f32667f107c11b306707f062c708e7dbda14ba
Instruction Fuzzy Hash: B911A0365002009FEB21CF55D944B56FBE4FF05320F08C4AAED458F662D331E418CBA1

Function 00A3A09A Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,?), ref: 00A3A0D5

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: a7bd169aad7a97c1bf7ec66f34fa5e2f5f74f249b647f5e2580e9435d47aeb7d
Instruction ID: 09cbdb304f2b7d1c220261806236ee82b3c647fe0eb587844fac2b734c949f87
Opcode Fuzzy Hash: a7bd169aad7a97c1bf7ec66f34fa5e2f5f74f249b647f5e2580e9435d47aeb7d
Instruction Fuzzy Hash: 2D01BC365002409FDB20CF55D988B62FBE4FF55720F08C4AAEE898B652D375E448CBA2

Function 06413CD6 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,99A66032,00000000,?,?,?,?,?,?,?,?,6C7D3C78), ref: 06413D08

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: efb8c78044c639b386231bce8a1d2f40ef4fc483b4c5547b1d1962b3575dfa1f
Instruction ID: c219aa5646ca7f568fada0e4b0e274925104161be377c4e791f83c07a62f9632
Opcode Fuzzy Hash: efb8c78044c639b386231bce8a1d2f40ef4fc483b4c5547b1d1962b3575dfa1f
Instruction Fuzzy Hash: C001AD758002449FEB51CF15DA89766FBE4EF44720F08C4ABDD488F352D279A808CAA2

Function 07F30070 Relevance: 1.5, Instructions: 1527COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 307650f5dce7361adb3ba1ca7c68c36499ace3c90480cd41f1d99cda26b84be6
Instruction ID: 39f8daa2a36fce708280bbacba3fc648ce35ff90311b204881d6536d4734351c
Opcode Fuzzy Hash: 307650f5dce7361adb3ba1ca7c68c36499ace3c90480cd41f1d99cda26b84be6
Instruction Fuzzy Hash: D2F20AB4A00219CFDB64DF24C998B99B7B2FF89304F1481E9D519AB395DB31AE85CF40

Function 079239C8 Relevance: 1.1, Instructions: 1064COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b3e45b786be626e5d3025ebdbe75c7cb685e45ff90b58ec15aabf88441aa026
Instruction ID: da2b385f6d38ba6421ab1b6f785bb52fd3a5277acd990c5c6fb554f09bad48b7
Opcode Fuzzy Hash: 0b3e45b786be626e5d3025ebdbe75c7cb685e45ff90b58ec15aabf88441aa026
Instruction Fuzzy Hash: 9AB21B74A00229CFDB64DF24C988B99B7B2FF89314F1581E9E919A7365DB709E81CF40

Function 04DED980 Relevance: 1.0, Instructions: 1049COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 639b3e0623403298d53182349645b744249fc0081ff9a0669506874e85b866ec
Instruction ID: d22d59b468b8117a4420d642dd5b17cc4f882d0fefceab30ef278d0d41a5146f
Opcode Fuzzy Hash: 639b3e0623403298d53182349645b744249fc0081ff9a0669506874e85b866ec
Instruction Fuzzy Hash: 89B2F574A01229CFDB64DF69C988B99B7F2BF48304F1485E9D849AB351DB70AE85CF40

Function 07F378D8 Relevance: .6, Instructions: 607COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92cc5b1c456640cdf27726590496b77329adf1445add85ad36d4504f6d262245
Instruction ID: ce983e7e14457689d2ae8d725346b6b1b1682509f920de91c253ab810eb22eb4
Opcode Fuzzy Hash: 92cc5b1c456640cdf27726590496b77329adf1445add85ad36d4504f6d262245
Instruction Fuzzy Hash: F5423A74A00215CFCB259F34C984BEEBBB6BF88304F1588A9D54AA7254DF34AD99CF50

Function 07F3006F Relevance: .5, Instructions: 533COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6604f66f6fc8dd88feaa2e8831b5aa502309a57b188a5901111059d4f9dfaa2f
Instruction ID: 68a9693cce8669ea42ce246e23e582c69949f3b38f67c34528a127d9c974db01
Opcode Fuzzy Hash: 6604f66f6fc8dd88feaa2e8831b5aa502309a57b188a5901111059d4f9dfaa2f
Instruction Fuzzy Hash: 7442B9B4A00229CFDB64DF24C988B99B7F2BF49305F1481E9D419A7391DB709E85CF51

Function 0792E8DB Relevance: .5, Instructions: 490COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50cfda47494762ab8abf211e72278c969eb60418d9b78698cd3e66ff139b262c
Instruction ID: b445f90ad68293793d4c2594c3171592b0ed90c72d35838a58fe42e3d997a4a0
Opcode Fuzzy Hash: 50cfda47494762ab8abf211e72278c969eb60418d9b78698cd3e66ff139b262c
Instruction Fuzzy Hash: 342227B4A002198FDB24DFA8C488A9DBBB2FF49314F1485A9E819EB355D730ED46DF50

Function 07924291 Relevance: .4, Instructions: 429COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fbe338aed7d55dcb8b88c1f33d518df182b44bdb93e6990ce951bef4d57dd6c
Instruction ID: 5fef510c966d1c954ca9a909ad5e80f60afb0b8bc64433ef252402a7bf5de14c
Opcode Fuzzy Hash: 1fbe338aed7d55dcb8b88c1f33d518df182b44bdb93e6990ce951bef4d57dd6c
Instruction Fuzzy Hash: FE22F674A00229CFDB64DF24C988B99B7B2FF89304F1481E9D959A7365DB319E82DF40

Function 079243F5 Relevance: .4, Instructions: 367COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8aafeb40bc5426f49528cf78c0f48220862ff6f5d53dd1e2332259153b3ef901
Instruction ID: 895406a86ab677952c27d4d68fca66d8018e70961041e025d86c3fe4ec9e359f
Opcode Fuzzy Hash: 8aafeb40bc5426f49528cf78c0f48220862ff6f5d53dd1e2332259153b3ef901
Instruction Fuzzy Hash: 500217B4A00229CFDB64DF24C888B9DB7B2FF89304F1481A9D959A7365CB319D82DF40

Function 6D761F80 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 321
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetupDiGetClassDevsW.SETUPAPI(6D787290,00000000,00000000,00000012), ref: 6D761FF5
SetupDiEnumDeviceInfo.SETUPAPI(00000000,00000000,?), ref: 6D76201E
CM_Get_Parent.SETUPAPI(?,?,00000000,?,D92004BF,00000000,?,00000000), ref: 6D76204B
CM_Get_Device_IDW.SETUPAPI(00000000,?,00000100,00000000,?,D92004BF,00000000,?,00000000), ref: 6D76206D
__cftoe.LIBCMT ref: 6D762089
CM_Get_Device_IDW.SETUPAPI(?,?,00000100,00000000,?,?,?,?,?,?,?,?,?,D92004BF,00000000,?), ref: 6D7620D6
__cftoe.LIBCMT ref: 6D7620F2
CM_Get_Parent.SETUPAPI(00000000,00000000,00000000), ref: 6D762113
CM_Get_Device_IDW.SETUPAPI(00000000,?,00000100,00000000), ref: 6D762135
__cftoe.LIBCMT ref: 6D762151

Strings

[USB->USBSTOR] %s -> %s, xrefs: 6D76223B
USB\VID_%04X&PID_%04X, xrefs: 6D761FDA

Memory Dump Source

Source File: 00000011.00000002.2435157313.000000006D761000.00000020.00000001.01000000.00000015.sdmp, Offset: 6D760000, based on PE: true

Associated: 00000011.00000002.2435117943.000000006D760000.00000002.00000001.01000000.00000015.sdmpDownload File
Associated: 00000011.00000002.2435380627.000000006D787000.00000002.00000001.01000000.00000015.sdmpDownload File
Associated: 00000011.00000002.2435460926.000000006D791000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000011.00000002.2435495634.000000006D793000.00000002.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6d760000_OmGui.jbxd

Similarity

API ID: Get_$Device___cftoe$ParentSetup$ClassDeviceDevsEnumInfo
String ID: USB\VID_%04X&PID_%04X$[USB->USBSTOR] %s -> %s
API String ID: 2323714233-1325786813
Opcode ID: ce04668708c8f7e2a78f555c0d31bf30b0cbd013ac9c40c667340a6459b4b727
Instruction ID: f8b5622112466d377e123e305add276df0eb69c457c15ca6bf5abcb0188186de
Opcode Fuzzy Hash: ce04668708c8f7e2a78f555c0d31bf30b0cbd013ac9c40c667340a6459b4b727
Instruction Fuzzy Hash: 05C1E6B19051589FDB24DF24CE48BEAB77EAF85314F4041E5E909A7182EB326B84CF61

Function 6D762DE0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 112
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstVolumeW.KERNEL32(?,00000104,00000000,00000000,00000000), ref: 6D762E3D
__fassign.LIBCMT ref: 6D762EE0

Strings

\, xrefs: 6D762EBE
\, xrefs: 6D762EA9
[PHYSICALVOLUME->VOLUMENAME volume-name non-matched, skipped] %s, xrefs: 6D763103
?, xrefs: 6D762E9B
\, xrefs: 6D762E8D

Memory Dump Source

Source File: 00000011.00000002.2435157313.000000006D761000.00000020.00000001.01000000.00000015.sdmp, Offset: 6D760000, based on PE: true

Associated: 00000011.00000002.2435117943.000000006D760000.00000002.00000001.01000000.00000015.sdmpDownload File
Associated: 00000011.00000002.2435380627.000000006D787000.00000002.00000001.01000000.00000015.sdmpDownload File
Associated: 00000011.00000002.2435460926.000000006D791000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000011.00000002.2435495634.000000006D793000.00000002.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6d760000_OmGui.jbxd

Similarity

API ID: FindFirstVolume__fassign
String ID: ?$[PHYSICALVOLUME->VOLUMENAME volume-name non-matched, skipped] %s$\$\$\
API String ID: 1573405772-2812856083
Opcode ID: 163818b6a33774f47d247a2e4b19bd5f882145f4c917f2160ca158925e45ec75
Instruction ID: 16cfc508ffdc98964df99ab14e60fa2b7a4ecbfe05de98901b812c196d83296f
Opcode Fuzzy Hash: 163818b6a33774f47d247a2e4b19bd5f882145f4c917f2160ca158925e45ec75
Instruction Fuzzy Hash: DB41C871E042585BCB249B60DD49FAA73BCFB08324F4405BAEA19D7181F7755788CA52

Function 04DE0690 Relevance: 4.0, Strings: 3, Instructions: 285COMMON

Download Yara Rule

Strings

Tqk, xrefs: 04DE0A24
Tqk, xrefs: 04DE0A48
Tqk, xrefs: 04DE0759

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID: Tqk$Tqk$Tqk
API String ID: 0-128511971
Opcode ID: 2bd280c56be8d09cd3204d63b7d6ce38b36871ae63fc323b19c28ffc4bdf3179
Instruction ID: b956e1fa445bd1460771d0419caf972136acf366c51ed4245c4a83e5d8f75230
Opcode Fuzzy Hash: 2bd280c56be8d09cd3204d63b7d6ce38b36871ae63fc323b19c28ffc4bdf3179
Instruction Fuzzy Hash: 67B11B747042108FD768EB38C4586AE76E7AFC9308F55886DD44A9B7A6CF35EC068B81

Function 04DE0688 Relevance: 4.0, Strings: 3, Instructions: 280COMMON

Download Yara Rule

Strings

Tqk, xrefs: 04DE0A24
Tqk, xrefs: 04DE0A48
Tqk, xrefs: 04DE0759

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID: Tqk$Tqk$Tqk
API String ID: 0-128511971
Opcode ID: 49b7d03166c53abb9ec32b47af3ad5b8f3c1ff9762367c5d336ebd7b5f9653f1
Instruction ID: 8431ac41fad2dcd80c0557c1302b475530173cff7e65a4eeea7cdde2f67db293
Opcode Fuzzy Hash: 49b7d03166c53abb9ec32b47af3ad5b8f3c1ff9762367c5d336ebd7b5f9653f1
Instruction Fuzzy Hash: C5A11C747042108FD769EB38C4587AE77A3AFCA308F55486DD44A9B7A6CF35AC06CB81

Function 064137DE Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 86COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(?,?,99A66032,00000000,?,?,?,?,?,?,?,?,6C7D3C78), ref: 0641387B

Strings

xkT, xrefs: 06413807

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CreateDirectory
String ID: xkT
API String ID: 4241100979-2662296079
Opcode ID: 3148b2f1532191f997d79dd8045439cd79c8a669360e9a94413b4b04be962559
Instruction ID: 554b35c70f96f53b774a04d47347ebf5eb6e882d1a60cd763ef489d445aeebc7
Opcode Fuzzy Hash: 3148b2f1532191f997d79dd8045439cd79c8a669360e9a94413b4b04be962559
Instruction Fuzzy Hash: 9E311E7154D3C09FD7138B259C55A56BFB4EF07210B0A84DBD985CF2A3D2289949CB72

Function 04DE0070 Relevance: 2.8, Strings: 2, Instructions: 343COMMON

Download Yara Rule

Strings

Tqk, xrefs: 04DE047C
\, xrefs: 04DE0138

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID: Tqk$\
API String ID: 0-3011215783
Opcode ID: 3cd6fe741214d897f5483eb1e7e813bbc3c6e852372629c5160b21ecf7fc8121
Instruction ID: 05292c4ae5d4ab7f94748b75e333353c607f68bf966064b5cceb5b66f9e4663d
Opcode Fuzzy Hash: 3cd6fe741214d897f5483eb1e7e813bbc3c6e852372629c5160b21ecf7fc8121
Instruction Fuzzy Hash: 12D1AF30700220DBCB29EF75D98876D73A2BF84318F208968D84A9B795DF75EC06CB91

Function 07F34050 Relevance: 2.8, Strings: 2, Instructions: 289COMMON

Download Yara Rule

Strings

Tqk, xrefs: 07F343A1
Tqk, xrefs: 07F342C1

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID: Tqk$Tqk
API String ID: 0-628675707
Opcode ID: 75954fec2899b66e576e692504bb29965db445ada42cd58cffdcb2f1dee65ab0
Instruction ID: 990e246f2c6b347590c9592cf392a9a6e273404c869e1632a7fe7fc0c1860577
Opcode Fuzzy Hash: 75954fec2899b66e576e692504bb29965db445ada42cd58cffdcb2f1dee65ab0
Instruction Fuzzy Hash: 51A104B17006408FC729EB38C49897D77A2BF8A24976549BDD40ACB762DF36EC06CB51

Function 07F31F90 Relevance: 2.7, Strings: 2, Instructions: 247COMMON

Download Yara Rule

Strings

TGk, xrefs: 07F321F3
TGk, xrefs: 07F32243

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID: TGk$TGk
API String ID: 0-4027386553
Opcode ID: 541cfbf2939e1e8bb9b266cfa9cb92daaa2704213cfc7817e4df92fe5f3ad37a
Instruction ID: 3125e7b4b5a7c90b0b03d54effa309fb339353d1d5f8d9adca8d04cb55460907
Opcode Fuzzy Hash: 541cfbf2939e1e8bb9b266cfa9cb92daaa2704213cfc7817e4df92fe5f3ad37a
Instruction Fuzzy Hash: DF817C347002008BD719AB39C86877D76E7AFC9654F2880B9E906CF7A5DF75DC068782

Function 07F3398B Relevance: 2.7, Strings: 2, Instructions: 194COMMON

Download Yara Rule

Strings

h^k, xrefs: 07F33A4D
\, xrefs: 07F33A42

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID: \$h^k
API String ID: 0-4106770580
Opcode ID: d16bff96adbf38c0a8d66219d69edbc24301c2ec3de2ac2f8a5a7a2a2f9df52a
Instruction ID: a8174a9c77d0ff48182d7b6cf2cefa2d6313c71a934e0d55b83d46b1e24b6ef5
Opcode Fuzzy Hash: d16bff96adbf38c0a8d66219d69edbc24301c2ec3de2ac2f8a5a7a2a2f9df52a
Instruction Fuzzy Hash: AA617C70B006158FCB18EB78C559AAEB7F2AF88345B25806DD406DB3A0DF79DC45CB81

Function 04DE0007 Relevance: 2.7, Strings: 2, Instructions: 182COMMON

Download Yara Rule

Strings

Tqk, xrefs: 04DE047C
\, xrefs: 04DE0138

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID: Tqk$\
API String ID: 0-3011215783
Opcode ID: 539607e69311804ad5b2bca75abbe9e309e1ed78d1ca3f07a64e692018fb735f
Instruction ID: 321cb184d659cfbdcb13162067c8819d344f652e43f646f3e0e41ba2ad10d992
Opcode Fuzzy Hash: 539607e69311804ad5b2bca75abbe9e309e1ed78d1ca3f07a64e692018fb735f
Instruction Fuzzy Hash: 86512771A053508FC70AEB7494502ADBBF2BF86314B1585AED845DB793DF389C0ACB92

Function 079295E0 Relevance: 2.7, Strings: 2, Instructions: 178COMMON

Download Yara Rule

Strings

(k, xrefs: 07929644
(k, xrefs: 07929706

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID: (k$(k
API String ID: 0-1506702161
Opcode ID: 88188d617b589030127f6865267861f7f2c78066e99373a914ee3eab77a27ba9
Instruction ID: df8e36e67e898e9ab48bd06479a07c24f215abfe58a5b2b87836637c1ff065ea
Opcode Fuzzy Hash: 88188d617b589030127f6865267861f7f2c78066e99373a914ee3eab77a27ba9
Instruction Fuzzy Hash: 67519236A00114AFCF199FA4D954E697BB7FF8D314B1A80A9E2069B372CB32DC11DB51

Function 0792C321 Relevance: 2.7, Strings: 2, Instructions: 176COMMON

Download Yara Rule

Strings

W, xrefs: 0792C32D
\, xrefs: 0792C3D3

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID: W$\
API String ID: 0-92740958
Opcode ID: 39cdf79b1f89099c76eb8a68eeaa09ffab619255e17ad51b0412af7da295e153
Instruction ID: b2ece16cdadb5941d26e0bf43e358aa4924c903622ca6ed0158d733830e083c4
Opcode Fuzzy Hash: 39cdf79b1f89099c76eb8a68eeaa09ffab619255e17ad51b0412af7da295e153
Instruction Fuzzy Hash: AC618B35702210DFCB55EB34D45976E33A3BB9831AB29442DE406CB7A9DF79AC82DB40

Function 0792D4E0 Relevance: 2.6, Strings: 2, Instructions: 106COMMON

Download Yara Rule

Strings

TGk, xrefs: 0792D585
,`k, xrefs: 0792D55A

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID: ,`k$TGk
API String ID: 0-2085852967
Opcode ID: 58651d2d3b1f276b7367064dfec4e722f95b0b45ea1bc006133fc741db5497c4
Instruction ID: 1fb8680721e1ac6d9d0901732440be550f98a7ddfc8405d780164d03ccc18318
Opcode Fuzzy Hash: 58651d2d3b1f276b7367064dfec4e722f95b0b45ea1bc006133fc741db5497c4
Instruction Fuzzy Hash: 363138317042214FCB19733994286AE3BD79F86159B14407AE006CBBA9CF78DC4B87D2

Function 04DE0CD8 Relevance: 2.6, Strings: 2, Instructions: 84COMMON

Download Yara Rule

Strings

k, xrefs: 04DE0D7F
Tqk, xrefs: 04DE0D40

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID: k$Tqk
API String ID: 0-2325033766
Opcode ID: bea4b523053928e7080e00e224e140cc4cd8c6cb3ffe07f009989e697bc78c5e
Instruction ID: a8c0567a3c8cd57ebbaaeb27e5cf330c8304e0114f7a65a1a0e3d8286afbfd08
Opcode Fuzzy Hash: bea4b523053928e7080e00e224e140cc4cd8c6cb3ffe07f009989e697bc78c5e
Instruction Fuzzy Hash: 2321BC717003108FC7259B79985097EB7EAAFC9218314893EE54ACB766DE31EC0ACB60

Function 04DE0CE8 Relevance: 2.6, Strings: 2, Instructions: 77COMMON

Download Yara Rule

Strings

k, xrefs: 04DE0D7F
Tqk, xrefs: 04DE0D40

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID: k$Tqk
API String ID: 0-2325033766
Opcode ID: 5137ab68a0183cb6c1735183e1a5bdc06eacc893dc040091762b03be7cb0324a
Instruction ID: c7d0c6e1a4206e8ccf178a2f8f186181d73ae8b8c2bbb19f7cd020e26a285d58
Opcode Fuzzy Hash: 5137ab68a0183cb6c1735183e1a5bdc06eacc893dc040091762b03be7cb0324a
Instruction Fuzzy Hash: 99219D717003104FC7259B79985096FB7EAAF89214314883DE44ACB762DE31EC09CB60

Function 0792C75E Relevance: 2.6, Strings: 2, Instructions: 70COMMON

Download Yara Rule

Strings

TGk, xrefs: 0792C7BF
,`k, xrefs: 0792C806

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID: ,`k$TGk
API String ID: 0-2085852967
Opcode ID: 40644b11e99786499898b1075cfaaf2af4cd32bb8bab106c5bfdadc9e3901466
Instruction ID: a75ffb7f4fa4d139746b822cab6c29600ff5c7df951309f4cbf5cf66eb52eb28
Opcode Fuzzy Hash: 40644b11e99786499898b1075cfaaf2af4cd32bb8bab106c5bfdadc9e3901466
Instruction Fuzzy Hash: 292106307002458FDF19EB34C5546DD7BB2EF8A254F1485A9D405AF799CB34AC4BC7A2

Function 0792C7BE Relevance: 2.5, Strings: 2, Instructions: 44COMMON

Download Yara Rule

Strings

TGk, xrefs: 0792C7BF
,`k, xrefs: 0792C806

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID: ,`k$TGk
API String ID: 0-2085852967
Opcode ID: 96a203c0c7fe5ab81a7abe90ab9d327af172241f7ab3e70f44df5714e03d6a5f
Instruction ID: e4f2641726bb72e040127f79e8e8957daf7f8102f6867ebc9d95342407d2c3e0
Opcode Fuzzy Hash: 96a203c0c7fe5ab81a7abe90ab9d327af172241f7ab3e70f44df5714e03d6a5f
Instruction Fuzzy Hash: 0D01D6207046918FDF5E6378452156E2BA3AFC719076549BAE046EFBD5CF385C0B8363

Function 04DE9890 Relevance: 1.6, Strings: 1, Instructions: 379COMMON

Download Yara Rule

Strings

2Urj, xrefs: 04DE9A84

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID: 2Urj
API String ID: 0-2709491807
Opcode ID: abbf4d8ab395705c901a92520294c1a167f5ab693f015ef5296e860c26ab4a75
Instruction ID: ba2d50add7cbb8b7220f4f9e62268c482845269d6ea6ece9b7733a80f3e61525
Opcode Fuzzy Hash: abbf4d8ab395705c901a92520294c1a167f5ab693f015ef5296e860c26ab4a75
Instruction Fuzzy Hash: 73D1C3707042109FD749AB78C5587AEBAE3AFCA308F05892CD50ADB791DF75AC09C792

Function 064161D0 Relevance: 1.6, APIs: 1, Instructions: 124networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 064162B0

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: 1c1778e387432f731c2f2c5a31c1380ff34d38a7e31205faa3e98e3d8074d3ba
Instruction ID: 04b58d0c7d991dd3f4ce9705f7a9f44f26dede0e7221cb3575e2a8e78fd5710d
Opcode Fuzzy Hash: 1c1778e387432f731c2f2c5a31c1380ff34d38a7e31205faa3e98e3d8074d3ba
Instruction Fuzzy Hash: 8A41887640E3C45FE7138B259C65A96BFB4AF03214F0E80DBD984CF1A3D2689A09C772

Function 04DE98A0 Relevance: 1.6, Strings: 1, Instructions: 372COMMON

Download Yara Rule

Strings

2Urj, xrefs: 04DE9A84

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID: 2Urj
API String ID: 0-2709491807
Opcode ID: 663768ae71c02a8ea80cfba27ad24aa694649aeb622bc05aac327e91f0519159
Instruction ID: b94e11b4b770682d9c3f2ebb543b28e39510e09c9d2e86b0ff440d13be9f508e
Opcode Fuzzy Hash: 663768ae71c02a8ea80cfba27ad24aa694649aeb622bc05aac327e91f0519159
Instruction Fuzzy Hash: F6D1C2707042109FD749AB78C5587AEBAE3BFC9308F058928E11ADB791DF75AC09C792

Function 04DE0F10 Relevance: 1.6, Strings: 1, Instructions: 370COMMON

Download Yara Rule

Strings

5k, xrefs: 04DE1147

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID: 5k
API String ID: 0-695236183
Opcode ID: 8db9cd7343f7fe3be83c30c7a972ed584dde2b3449fa1773d2592bfe7fa7df77
Instruction ID: 1166b1caa59e5fefe11cbcc698aa703791af62f6530fcd91d6a73b965bbdd981
Opcode Fuzzy Hash: 8db9cd7343f7fe3be83c30c7a972ed584dde2b3449fa1773d2592bfe7fa7df77
Instruction Fuzzy Hash: 70E16C347002008FC714EB74C599BEE77E2AF89304F158879E50A9B7A5DF75AD0ACB92

Function 064133DA Relevance: 1.6, APIs: 1, Instructions: 110registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 064134B9

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 75a370a2dc3e85273de145f240fbd58ceb319c8156e79ac3ce42391f24846363
Instruction ID: 3410e1d39e8455618cb3475261902eb86e633a6236981e529984994754007648
Opcode Fuzzy Hash: 75a370a2dc3e85273de145f240fbd58ceb319c8156e79ac3ce42391f24846363
Instruction Fuzzy Hash: D7415E724093C06FE7238B258C55F96BFB8EF07214F0984DBE9818F5A3D265A948C772

Function 04DE0F01 Relevance: 1.6, Strings: 1, Instructions: 359COMMON

Download Yara Rule

Strings

5k, xrefs: 04DE1147

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID: 5k
API String ID: 0-695236183
Opcode ID: 0a6cf24a1b16ce5b998a9eb8907a5919a579ee7349e11806132c7fe1caf24e14
Instruction ID: 32edd8b29127a87eaf6f0dfff2c70cc699d232946c053cdf8fff853129c97b0b
Opcode Fuzzy Hash: 0a6cf24a1b16ce5b998a9eb8907a5919a579ee7349e11806132c7fe1caf24e14
Instruction Fuzzy Hash: 62E14C347002008FC754EB74C599AEE73E2AF89304F158878E50A9F765DF76AD0ACB91

Function 064164BF Relevance: 1.6, APIs: 1, Instructions: 101COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 06416597

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 629bb0cf93c28df7af24247f7b0cc7021317a9965342ebecbc5b3aeb5634ed57
Instruction ID: 4aae9088e2859279cc06ea3af694f3a317b363405470822e38b6ca8eacc34ad5
Opcode Fuzzy Hash: 629bb0cf93c28df7af24247f7b0cc7021317a9965342ebecbc5b3aeb5634ed57
Instruction Fuzzy Hash: 1931C3B24043446FE7228B60CC44FA6BBECEF05314F05489AEA849B292D375A949CB71

Function 0641438C Relevance: 1.6, APIs: 1, Instructions: 100networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32 ref: 0641444E

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 574277e7e2ef4b598a58fc1ae7175697db8e8e8b6859f044da3c3380763d2d85
Instruction ID: cc92fcc9979d9db0b2fe8e8a660b92c942e0175925cde44db1fb7545d71aa709
Opcode Fuzzy Hash: 574277e7e2ef4b598a58fc1ae7175697db8e8e8b6859f044da3c3380763d2d85
Instruction Fuzzy Hash: 91314E7140E7C05FD7238B65DC54B52BFB4EF07214F0988DBE9848F6A3C269A909CB62

Function 0641537B Relevance: 1.6, APIs: 1, Instructions: 93encryptionCOMMON

Download Yara Rule

APIs

CertGetCertificateChain.CRYPT32(?,00000E24,?,?), ref: 0641543E

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CertCertificateChain
String ID:
API String ID: 3019455780-0
Opcode ID: c421ee11adf44caaada570f0f5a344784aceae37b17420c7b578ba4124b962b5
Instruction ID: fafecf5df4ae255e223008425d860ce9d86ecdb84293251cf9a1aef38d311011
Opcode Fuzzy Hash: c421ee11adf44caaada570f0f5a344784aceae37b17420c7b578ba4124b962b5
Instruction Fuzzy Hash: AF319E7640E3C45FD7138B258C61AA2BFB4EF47614F0E84DBD8C48F6A3D2246919C7A2

Function 06415C86 Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 06415D32

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 2014ecbba7788b43682ea03c5c4cd2f7680bd581008448e887944c73b8496729
Instruction ID: 9f8e283285fd59217e5eaa96ed36a5c68051b3c5582e97c2c6bbe2fb641c1073
Opcode Fuzzy Hash: 2014ecbba7788b43682ea03c5c4cd2f7680bd581008448e887944c73b8496729
Instruction Fuzzy Hash: DA31C7B24053806FE7228B14DD44FA7BFB8EF46310F08849BE9809F253D274A509C771

Function 06415A8D Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 06415B3D

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 93c4a1b6669e80a8602e9dda6e212653df8a6c3590c6f07b5043e9d564005b5a
Instruction ID: 2674f8a95f8a6cb662f9449ea80a62885b5fef313bb94bc01ce7182e32cfccbe
Opcode Fuzzy Hash: 93c4a1b6669e80a8602e9dda6e212653df8a6c3590c6f07b5043e9d564005b5a
Instruction Fuzzy Hash: EF3181B2405344AFE7228F65CD84F97BFBCEF45210F0888ABE9459B652D264A548CB71

Function 00A3A605 Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 00A3A6B5

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 9bba6981738641ef8fc33ecda55b833a7c710974eff2d22d057f0e74543cff75
Instruction ID: 006707dd6f1d2130600afc52c7bdef50b7b641b7d144ecafad1e68dddb134e69
Opcode Fuzzy Hash: 9bba6981738641ef8fc33ecda55b833a7c710974eff2d22d057f0e74543cff75
Instruction Fuzzy Hash: 83318071509380AFE721CF65CC85B56BFF8EF05310F0988AEE9848B652D375E948CB61

Function 00A3BD21 Relevance: 1.6, APIs: 1, Instructions: 90COMMON

Download Yara Rule

APIs

GetClassInfoW.USER32(?,?,?), ref: 00A3BDCA

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: ClassInfo
String ID:
API String ID: 3534257612-0
Opcode ID: dc88a7d6de6e0ea38cca199db4f02c791d697d9106f840f1f3c53b6ddf0fb892
Instruction ID: 4d3310883fcb147626c6f9e9178da8c711a5f4af9f35b70c719aaf6f72166ce4
Opcode Fuzzy Hash: dc88a7d6de6e0ea38cca199db4f02c791d697d9106f840f1f3c53b6ddf0fb892
Instruction Fuzzy Hash: 9731257650E3C09FD7138B259C64A51BFB4AF07214F4E80DBE984CF1A3D269A908CB72

Function 06415281 Relevance: 1.6, APIs: 1, Instructions: 89networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06415331

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: 1e322f745cade42774e0671098fbb174262aee0ac41b7a9d7b944b7675fbbc87
Instruction ID: b6ca63831a12855dc82ab07cfca462c6f09ad6f8fea7b1b970346b4a14d7f30d
Opcode Fuzzy Hash: 1e322f745cade42774e0671098fbb174262aee0ac41b7a9d7b944b7675fbbc87
Instruction Fuzzy Hash: 31318371505784AFDB228F15CC44F96BFF8EF45710F08859BE9848B652D375E908CB61

Function 064147E8 Relevance: 1.6, APIs: 1, Instructions: 89COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 0641487F

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 062aa29c269b1bcbc506e0f6b4864420fc8f4e6f842916c717a19b038a68b3f7
Instruction ID: dc55501710542d971e4e521ff1e1beb51146ddb4775b25db665c496c2b7ca999
Opcode Fuzzy Hash: 062aa29c269b1bcbc506e0f6b4864420fc8f4e6f842916c717a19b038a68b3f7
Instruction Fuzzy Hash: A631B1725053856FE7228B25DD45FA7BBECEF05210F0888ABE944DB652D264E808CB61

Function 06414FFC Relevance: 1.6, APIs: 1, Instructions: 89timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06415099

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 8e14a610be42afa0f4583c3066e0d48a1c5070b8f116b2d624cead7d4f50c957
Instruction ID: 6997b86abca8c6c9201646eb88cef609df081c09cf02677fa98fac4250ccb9ff
Opcode Fuzzy Hash: 8e14a610be42afa0f4583c3066e0d48a1c5070b8f116b2d624cead7d4f50c957
Instruction Fuzzy Hash: BB31E5B24053805FE7228F54DD45B96BFB8EF46314F0884ABE9858F193D365A909CB71

Function 06416A84 Relevance: 1.6, APIs: 1, Instructions: 86COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06416B1A

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: b8b2aa5bc03744a3544010a7460ced0d7272cb96a9d79a2f23a573c7e5d83bf5
Instruction ID: b5158442a4a3c76d956d7542713ae93ba1adc6168b988c729ddaad0cd108c11e
Opcode Fuzzy Hash: b8b2aa5bc03744a3544010a7460ced0d7272cb96a9d79a2f23a573c7e5d83bf5
Instruction Fuzzy Hash: A021D2725093846FEB12CF24DD44B97BFB8EF06710F09849BE9848F263C264A908CB61

Function 06414D0D Relevance: 1.6, APIs: 1, Instructions: 85synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 06414DAD

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 23da3e399c2ea7cb17f024dfac19cf89076be3c15159dee27b3f76583df182e9
Instruction ID: 2b04c1dc54299ada62976eaece387ddb551491e3baec5768ec42aa4475390236
Opcode Fuzzy Hash: 23da3e399c2ea7cb17f024dfac19cf89076be3c15159dee27b3f76583df182e9
Instruction Fuzzy Hash: 323171B1509380AFE722CB25CD45B56FFF8EF06710F0884AAE984CB652D365E908CB61

Function 064164F2 Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 06416597

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: f5449088fe6f7e44ee6f37ea97e4ab07d5b5fecd4c3695c83ced38f5766bccb3
Instruction ID: d54e94ee859b0eb0b4b9c556972e6c0d3b39a1bd4c4f1cce16faad64da9fde7b
Opcode Fuzzy Hash: f5449088fe6f7e44ee6f37ea97e4ab07d5b5fecd4c3695c83ced38f5766bccb3
Instruction Fuzzy Hash: 4E21F372500204AFFB319F14DD89FA6F7ACEF04714F00486AFA449A681D7B4E509CBB1

Function 06415B92 Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06415C3C

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: 29657a9ebab2af0f4c38518e8b1705d3d5a16e88c67f6589841004d881a5d55e
Instruction ID: ec4c9d4d53e425fd2707189eb89af5651a0c963e3f28bdaef685064a5a5543e3
Opcode Fuzzy Hash: 29657a9ebab2af0f4c38518e8b1705d3d5a16e88c67f6589841004d881a5d55e
Instruction Fuzzy Hash: 6A31B1B2405384AFEB22CF54CD44F96BFB8EF46714F0888ABE9849B552D264A509C7B1

Function 06416B79 Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06416C0A

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: baf81a668f861717952aaf23c90e54901bccbfa347596ac2b0c199f475845554
Instruction ID: d9c4cb5bdb4b0757b7f79653926bf9184d310c2ce89e4fdaac1489bf59060f78
Opcode Fuzzy Hash: baf81a668f861717952aaf23c90e54901bccbfa347596ac2b0c199f475845554
Instruction Fuzzy Hash: 8621A2715053806FE7228B15CD44F96BFACEF46210F0984ABE944CB252D264E908CB61

Function 04DEF2EC Relevance: 1.6, Strings: 1, Instructions: 332COMMON

Download Yara Rule

Strings

$k, xrefs: 04DEF3ED

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID: $k
API String ID: 0-623413336
Opcode ID: 91f86973c56a7b9eaf4d902dc14d0cd4020b204aa2300496e4f5753956a851d9
Instruction ID: 7618619e69ab5dc0d2fd9397db3ee7bd0fced59a41ad6f825908768da7e9adb1
Opcode Fuzzy Hash: 91f86973c56a7b9eaf4d902dc14d0cd4020b204aa2300496e4f5753956a851d9
Instruction Fuzzy Hash: 6CC18A303006019BDB14EB76C59867E77E3EFC8354B25892CD5468B3A5EF39EC0A8B52

Function 06416C70 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32GetModuleBaseNameW.KERNEL32(?,00000E24,?,?), ref: 06416D16

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: BaseModuleName
String ID:
API String ID: 595626670-0
Opcode ID: fe4ef035b57740d04cc781f1a8a12e97b929885006d87c82d72bfcd2684dbccc
Instruction ID: fb09f7c56faa6ba6e42857f0afdfa8f0714713dbc6c3d97793836245db80c653
Opcode Fuzzy Hash: fe4ef035b57740d04cc781f1a8a12e97b929885006d87c82d72bfcd2684dbccc
Instruction Fuzzy Hash: 4321BFB14093C06FD312CB65CC55B66BFB8EF87714F0984DBD8848B6A3D225A909C7B2

Function 06413EB9 Relevance: 1.6, APIs: 1, Instructions: 79registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06413F5C

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 847e53c39f40fdaf1105e316f413eead1b1058afc5dfc45f048a0d81ba755910
Instruction ID: d172f7a3b7224ba629a9ac7d23eda18e2fe1b754427e83f369dd79b0fdd4aee5
Opcode Fuzzy Hash: 847e53c39f40fdaf1105e316f413eead1b1058afc5dfc45f048a0d81ba755910
Instruction Fuzzy Hash: FA217C76505784AFE722CF15CD84FA3BBFCEF05610F0884AAE9459B692D364E908CB61

Function 0641060C Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E24,?,?), ref: 064106A6

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: f51c9799f19611b1f35e46d7b1c6aa877ae1c0c14b7b8342972e0cc31d2daab3
Instruction ID: 2afe85383f45d12e29fa728b710e792962dd30ee9debb601a533f79014eade7a
Opcode Fuzzy Hash: f51c9799f19611b1f35e46d7b1c6aa877ae1c0c14b7b8342972e0cc31d2daab3
Instruction Fuzzy Hash: 3121A7B54093806FD3138B25CC51B62BFB4EF87624F0A45DBE8848B693D2656D19CBB2

Function 064178AB Relevance: 1.6, APIs: 1, Instructions: 78encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06417932

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 7780332ea9bcb682d6832d6b6b8070547efdaa61c9f4ffe9d7ae1daab6498da6
Instruction ID: f6e5a0f66895b2f446f51f4f97f0da4fb4d6dbe1692f1da0a3003a16f2b53392
Opcode Fuzzy Hash: 7780332ea9bcb682d6832d6b6b8070547efdaa61c9f4ffe9d7ae1daab6498da6
Instruction Fuzzy Hash: C2219572505281AFE721CF55DD44FA6BFB8EF46310F0884ABE9848F652C265A548CB61

Function 06415ABE Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 06415B3D

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: e32a5d8a56e942cdc6b2156717b1e0062df254035af6c82e734fe4994bcca768
Instruction ID: 284e66b0bcfe702ebd46164effa44f68c65b7c7c7c3154d92b10034216c3ddea
Opcode Fuzzy Hash: e32a5d8a56e942cdc6b2156717b1e0062df254035af6c82e734fe4994bcca768
Instruction Fuzzy Hash: 8F21AFB2500204AFEB21DF55DD88FABBBECEF44624F04886BE945DB641D374E5088BB1

Function 00A3A424 Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E24,?,?), ref: 00A3A4BE

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 9025ad0bc359c648e5bce60b6e274e5e48a60fb63b46b3af83496dd80937b101
Instruction ID: 52ecd7e2a0710442f62073c8d6ec1a698afd70c1af95c2535d0786cf319607f1
Opcode Fuzzy Hash: 9025ad0bc359c648e5bce60b6e274e5e48a60fb63b46b3af83496dd80937b101
Instruction Fuzzy Hash: CE21D4754493C06FD3138B258C51B62BFB8EF87614F0A41DBE884CB693D225A919C7B2

Function 0641499E Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 06414A32

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 32d6952b0b11add6e9459761c72f0df85dce5e4d3b8c6a2ec02888be9e1908ce
Instruction ID: 7cb8a6474fd0e6260727ca63638ab308fb0f70349fda4c684cec6c18165c9e0f
Opcode Fuzzy Hash: 32d6952b0b11add6e9459761c72f0df85dce5e4d3b8c6a2ec02888be9e1908ce
Instruction Fuzzy Hash: 94216D72409284AFE722CB55DD44F96FBF8EF09314F0488AAE9848B652D365A548CBA1

Function 06413FB2 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 0641404E

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 404bc4376a687aaeb7f494352b2b67e4bb4ec7820f38d7c8e0d6a85a5b6bdbd3
Instruction ID: c0c268e7530444a06ddf3053e96bea4e830e9eb1fa6abfe1347c35410d5ca28f
Opcode Fuzzy Hash: 404bc4376a687aaeb7f494352b2b67e4bb4ec7820f38d7c8e0d6a85a5b6bdbd3
Instruction Fuzzy Hash: F621C8754093C06FD3138B258C51B62BFB8EF87614F0A85DBE9848BA53D2256919C7B2

Function 0641584E Relevance: 1.6, APIs: 1, Instructions: 76registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNELBASE(?,00000E24), ref: 064158D1

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: fcfd6701c14c7f0a7623fdc3fd247feae892f4feac98961158aa984e2fe58588
Instruction ID: c498938380d3efdb5f46064d72fbfbde847132561444dc0da237bb2fc25e3903
Opcode Fuzzy Hash: fcfd6701c14c7f0a7623fdc3fd247feae892f4feac98961158aa984e2fe58588
Instruction Fuzzy Hash: 8121A1B14052446FE7219B14DD48FA6BFACEF45220F0888ABE9449B252D374A908C7B1

Function 06413A6C Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06413AEC

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 8de2c1443a876fae641d42c19cf3cf34d793af5a98b7b72b28776a38e7d28c53
Instruction ID: 61544c783a810ca1ae2641b24414bed5d299d69a71e66e60e61b1c5b9f59f8ed
Opcode Fuzzy Hash: 8de2c1443a876fae641d42c19cf3cf34d793af5a98b7b72b28776a38e7d28c53
Instruction Fuzzy Hash: A721C2715093856FEB22CF15DD44F96BFB8EF46320F0884ABE944CF292D274A948C761

Function 0641480E Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 0641487F

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 385ae87c331e2be6df07fc66d54e40030b2b9116a4b290c461c8a16ee61490b3
Instruction ID: a1dc654f6ab5a58ba5774364225482d3361c76760374f97414c849a391b20bcf
Opcode Fuzzy Hash: 385ae87c331e2be6df07fc66d54e40030b2b9116a4b290c461c8a16ee61490b3
Instruction Fuzzy Hash: AD21B076500244AFEB209E29DD49BAABBECEB44724F04886AE945DB741D274E4088BA1

Function 064146F6 Relevance: 1.6, APIs: 1, Instructions: 76registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06414794

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 27806a1e44cfe64d64885d1fe3249daa5986ddff238f6cc83e29962851a43ba4
Instruction ID: 9959b28f1e7df7c668718c72dc3f326ecfe85292bcf92b149ee458376be22770
Opcode Fuzzy Hash: 27806a1e44cfe64d64885d1fe3249daa5986ddff238f6cc83e29962851a43ba4
Instruction Fuzzy Hash: 57219CB2505380AFE722DF15CD84F57BBF8EF46710F08849BE9859B692D364E908CB61

Function 00A3A636 Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 00A3A6B5

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: e137113e5db5b1de9d88ff93034e489e296a67b78bdad8c5507db341c1a8f354
Instruction ID: fb51efb20c6fef54bc4428ddca520d236dba457f76a67aff8980139f428e5281
Opcode Fuzzy Hash: e137113e5db5b1de9d88ff93034e489e296a67b78bdad8c5507db341c1a8f354
Instruction Fuzzy Hash: 65219071500240AFE721CF65CD49B66FBE8FF14724F18886EE9858B751D375E808DB62

Function 0641343A Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 064134B9

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 8427c058ea3fe2067437093da771fe2f6266e93fcb273fc8874adda372f5029c
Instruction ID: 8103b01096691a6e5cb5dbaaf54b4fee6b6d56ef0e9b0b2bf45e1ff2194fa497
Opcode Fuzzy Hash: 8427c058ea3fe2067437093da771fe2f6266e93fcb273fc8874adda372f5029c
Instruction Fuzzy Hash: AD21CF72500204AFE7228F19DD49FABFBECEF04624F04886BE9419B741D375E5088BB1

Function 06412AD9 Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 06412B67

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 6a3cf8d4da36a5643ccdb42da9e4ab496834aac8edd7095b5514483e623e71cf
Instruction ID: ac228827884889aa8526da9f896ae8afd39d48e3e5f560fb8fd46214e6c89651
Opcode Fuzzy Hash: 6a3cf8d4da36a5643ccdb42da9e4ab496834aac8edd7095b5514483e623e71cf
Instruction Fuzzy Hash: 2A218D755097809FDB22CF21DC45B53BFF8EF06710F0988DAE9848F263D261A908CB61

Function 06415476 Relevance: 1.6, APIs: 1, Instructions: 73networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 064154FA

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 2bbe663dca9c59516dbe4c14c36054793f7c849dbfa9779bea38ff492fd977fe
Instruction ID: 5e1babe1defaba59c7ea5501c2560e1499afa81362381f001787654a2a42ac79
Opcode Fuzzy Hash: 2bbe663dca9c59516dbe4c14c36054793f7c849dbfa9779bea38ff492fd977fe
Instruction Fuzzy Hash: 342180B2405284AFD722CB55DD44F97BBBCEF45310F0888ABE9449B652D274A548CBB1

Function 064166A2 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06416731

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: 24cf606abc4228118c9bd54574c4fe0d45fb27a5b1596f0fa0a4bcccc67e3c3e
Instruction ID: 377faec7b3c716c487cd7216a088ef6240c84048f781a2c88cdeb60d7f4e7ded
Opcode Fuzzy Hash: 24cf606abc4228118c9bd54574c4fe0d45fb27a5b1596f0fa0a4bcccc67e3c3e
Instruction Fuzzy Hash: 8621B6754093846FE7228B11DD44F96FFB8EF06310F09849BE9848F653D265A508C771

Function 06415CBE Relevance: 1.6, APIs: 1, Instructions: 73registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 06415D32

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 41247f70c0d770aa4e9d3cafa60bf70bef328314234f7908b2ad66076e985212
Instruction ID: 3fe85050dc0fb03a216d315828d03cf54bc79a866641be52ffb07acf16b1d8e4
Opcode Fuzzy Hash: 41247f70c0d770aa4e9d3cafa60bf70bef328314234f7908b2ad66076e985212
Instruction Fuzzy Hash: 18219FB2500204AFEB219F55DD48FAAFBACEF44620F04886BED459B751D374E4088BB1

Function 00A3A7C7 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 00A3A84D

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: ab7af1f50a09281c456caee24cc576560cc34c6e95603ad1423ddf5a1f6d6568
Instruction ID: 287673162a461aa644f95ae1787a773e5b33c608ee7eb5e3e603ba1a5aa5e3b8
Opcode Fuzzy Hash: ab7af1f50a09281c456caee24cc576560cc34c6e95603ad1423ddf5a1f6d6568
Instruction Fuzzy Hash: FC21D8B54093806FE7128B15DC40BA2BFBCEF46714F0984D7F9848B653C264A909C771

Function 00A3AB5A Relevance: 1.6, APIs: 1, Instructions: 73fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 00A3ABD9

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 07fcd5ade24a1a53ea7cbcf7489b05ad0cb0352746a950dc588ac5036951c599
Instruction ID: 41aa55b4e55968fd5f6ffad33cfc4f69a3f646d0c2b7d3c3ed175dd6e72e86b6
Opcode Fuzzy Hash: 07fcd5ade24a1a53ea7cbcf7489b05ad0cb0352746a950dc588ac5036951c599
Instruction Fuzzy Hash: 3B21D4B2405344AFE7228F55DD44FA7BFACEF45710F04886BF9448B652C275A908CBB1

Function 064152B6 Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06415331

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: 7da36fb4bf3084adbd47afb189585cdb3bf91ea52b1d8ec72519037036c6eed0
Instruction ID: 36233eea43b4c6d010845e9b97293de6a5b5861dba25572e695864b65a3d7a16
Opcode Fuzzy Hash: 7da36fb4bf3084adbd47afb189585cdb3bf91ea52b1d8ec72519037036c6eed0
Instruction Fuzzy Hash: B021AFB2500204AFEB21CF55DD84FA6F7E8EF44710F04886BED458BA51D3B0E409CBA1

Function 06414D3A Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 06414DAD

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: de5095cc6027aa563a6f42fb324711545cdfa232aa6f82c2eed8c2b84956ad20
Instruction ID: a25f886f4b217ca8b45d6b105caadc42ac5f3f3a81c6f6e32f69456f2715ce36
Opcode Fuzzy Hash: de5095cc6027aa563a6f42fb324711545cdfa232aa6f82c2eed8c2b84956ad20
Instruction Fuzzy Hash: DB217C715002409FEB21DB25D949BA6FBE8EF04724F1484AAE949CF741D375E509CAB1

Function 06417992 Relevance: 1.6, APIs: 1, Instructions: 72encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06417A1A

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 005461f0e0dbce423f49aebabd073feaa08616359a920552cf1cebee02c676ba
Instruction ID: 5bbbba21a898786ae36281094e4f461ef46962598c047ec53046cb32ca969991
Opcode Fuzzy Hash: 005461f0e0dbce423f49aebabd073feaa08616359a920552cf1cebee02c676ba
Instruction Fuzzy Hash: BC21AF71409280AFE7228B14DD44FA6FFB8EF46710F0888ABE9449F652C365A548CB71

Function 06415544 Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 064155D3

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: fd3c90fe4f3dea9b914bbcf2353ed2d12db7f40d4e4e986d2414d496e9da13e9
Instruction ID: 4578df8740e595cd22e35cab58ab7a86f357d177755d2a0da3a12d966a347ae9
Opcode Fuzzy Hash: fd3c90fe4f3dea9b914bbcf2353ed2d12db7f40d4e4e986d2414d496e9da13e9
Instruction Fuzzy Hash: FF21D7B14093846FE7228B15DC45FA6FFB8EF46314F09849BE9849B653D274A908C7B1

Function 06413EE2 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06413F5C

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1bca96cdbf55042fb7ef0b6d12cbf8659bc3525371bd0638e93d2e364cc35153
Instruction ID: 494687e0363ae6bf42f6d0de55a30df6e97dd79464016f4472da4eee9c844aa3
Opcode Fuzzy Hash: 1bca96cdbf55042fb7ef0b6d12cbf8659bc3525371bd0638e93d2e364cc35153
Instruction Fuzzy Hash: 0D216D76600604AFE762CE15DD84FA7F7ECEF04620F04846BE9458B751D364E908CAB1

Function 0641676E Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 064167F2

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 827da42bb04488126310c38fb66634c4362c1971be2424689a6779cf7be94786
Instruction ID: 9f008612dbc448b1b0b8525f9c86316c4472ce3e892a6e8e573b44aecefa7e2e
Opcode Fuzzy Hash: 827da42bb04488126310c38fb66634c4362c1971be2424689a6779cf7be94786
Instruction Fuzzy Hash: 772190754093809FDB22CF61D844A92FFF4EF06310F0984DEE9858F563D275A818DB61

Function 06415103 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 0641517F

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 1dcee56b7c291a9fe47fa585a86ac41568aac25e5d3293a2f8bb7236f558385a
Instruction ID: 934965b07dc9973ce0db79cc28f590bcb03062c2493cc8c0f02e0e2fb2276d3e
Opcode Fuzzy Hash: 1dcee56b7c291a9fe47fa585a86ac41568aac25e5d3293a2f8bb7236f558385a
Instruction Fuzzy Hash: 282181B24093846FD722CF55DD84F96BFB8EF45710F0888ABE9449F652C275A508C7A1

Function 06411261 Relevance: 1.6, APIs: 1, Instructions: 68windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,?,?,?), ref: 064112D8

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: 9626f5476b3bb732004dbfc91db4cf907da839a5505a601747b3944dfb6cac71
Instruction ID: f801832638b33d2ecdd8ce9c0435321816a8f058c010ddaf8c314d37f509316b
Opcode Fuzzy Hash: 9626f5476b3bb732004dbfc91db4cf907da839a5505a601747b3944dfb6cac71
Instruction Fuzzy Hash: B92192725093845FDB228F24DC44A62BFF4EF07310F0884DAE9858F563D265A918DB61

Function 064144A7 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 06414524

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 8d5223d586c224c52b218e4a41c88fba72373114d23321ccce2819d1828e1438
Instruction ID: 674775ed1a0fd1ea17f5c74ffe2cc421505cdae69be65a473ee04a27124f6194
Opcode Fuzzy Hash: 8d5223d586c224c52b218e4a41c88fba72373114d23321ccce2819d1828e1438
Instruction Fuzzy Hash: 36217F724093C09FDB128F65DD45AA2BFB4EF07320F0D89DAD9848F163C235A949CB62

Function 0641622F Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 064162B0

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: ec6fe1685b289aa482f26122b5f24b931839aa679b59e9c56c98226873fcc519
Instruction ID: f1c58a0cb7f42ce367ab7b0ef13b7095109ae2a2e619658c7e9b30baa7a78c83
Opcode Fuzzy Hash: ec6fe1685b289aa482f26122b5f24b931839aa679b59e9c56c98226873fcc519
Instruction Fuzzy Hash: A02193714093846FD7228B15CD44F96FFB8EF46624F09849BE9449F692C268A948CB62

Function 064143E2 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32 ref: 0641444E

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 5e62f496bdc14d0ed2fb84562c3be5a3880b047192a4c225b84743e6235508a6
Instruction ID: e8d7aaafa70000f315938a1d650d376378709f44deb4e7b8345812948bb3ffdd
Opcode Fuzzy Hash: 5e62f496bdc14d0ed2fb84562c3be5a3880b047192a4c225b84743e6235508a6
Instruction Fuzzy Hash: 4421A171504240AFE721CF55DD49B96FBE8EF08324F04886AE9458BB51D375E408CBA2

Function 064139A4 Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06413A1C

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: fffe493e2235d1f07d082795bf0d4e4ce2bdc0baff4e123935b720572d24d081
Instruction ID: 61250f9102dc439cf9faa64d427b1d4db734fa493080374d2c696dd4dcc49328
Opcode Fuzzy Hash: fffe493e2235d1f07d082795bf0d4e4ce2bdc0baff4e123935b720572d24d081
Instruction Fuzzy Hash: B911E4B1404244AFEB22CF15DD44F96BBECEF45720F0484ABE9449F652C274A908C7B1

Function 06416BA6 Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06416C0A

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: fde2bf9bb02fafbaa6ec83e7849da4392d08fc89d4448a504f21cfb3819e688a
Instruction ID: 1a76259f3f821555f0128c26a5d5a35fa97fc9b7c9a61e88fd7f2da262101319
Opcode Fuzzy Hash: fde2bf9bb02fafbaa6ec83e7849da4392d08fc89d4448a504f21cfb3819e688a
Instruction Fuzzy Hash: 7B116DB66002059FEB21CF15DD88FA6B7E8EF44620F05886BE945CB651D674E5088AA1

Function 064149BE Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 06414A32

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 7e9873805c9be06426cb43238711018d146ed7d5f3f4f9be0b2320b710f19891
Instruction ID: 2f43189de3a6e6b6698bcefd3b0038f66a4f6c42a8eb41e54c37f7634c1b1efc
Opcode Fuzzy Hash: 7e9873805c9be06426cb43238711018d146ed7d5f3f4f9be0b2320b710f19891
Instruction Fuzzy Hash: 7821C072504200AFE721CF55DD48FAAFBE8EF08324F04846AEA848BB51D375F508CBA5

Function 0641586E Relevance: 1.6, APIs: 1, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNELBASE(?,00000E24), ref: 064158D1

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: 18677f792327a2a714780a5e1e3ebf3e9f0c7e1dbbb5095bbe633adbf85fbe6c
Instruction ID: 9d9fb9401f1d49d16198a119a9acadcc9e7ab07fb31002a7d308cb812facddf9
Opcode Fuzzy Hash: 18677f792327a2a714780a5e1e3ebf3e9f0c7e1dbbb5095bbe633adbf85fbe6c
Instruction Fuzzy Hash: 2411D6B1500204AFE7219F14DE48FAAFBACEF44620F0488ABED449F741D374A5088AB1

Function 06411314 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,99A66032,00000000,?,?,?,?,?,?,?,?,6C7D3C78), ref: 06411384

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 64542d1e34e25fcc61fe388704254449496460d68b11942451c0cfeb6a801677
Instruction ID: c0df421b5c0885c5b6b8bdb21a9f7203de7061d8f34d86a891fdb029bef25f99
Opcode Fuzzy Hash: 64542d1e34e25fcc61fe388704254449496460d68b11942451c0cfeb6a801677
Instruction Fuzzy Hash: 9521E1764093C09FD7138B24DC95A52BFB4EF47220F0980DBDD858F6A3D264A909CB62

Function 06414722 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06414794

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 2ab952eddf7487724d32c558ec4e172c5104baaa164ca9cab0aae2eb9ebe7612
Instruction ID: c3d990a2d3c7b91fe7f2b84b3ffc261df9ca3a7c9e119688bcac47fbc806dcca
Opcode Fuzzy Hash: 2ab952eddf7487724d32c558ec4e172c5104baaa164ca9cab0aae2eb9ebe7612
Instruction Fuzzy Hash: 4011AC76500204AFEB61DF15CD84FA7B7ECEF45720F08846BE9458B791D364E508CAB1

Function 06415BD2 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06415C3C

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: 771f98b88cfe21613d118d3dabfada6a64ef1252e57f37e538248b4e70cc343f
Instruction ID: efb6378e23ab9998b8d9e4677f91e3b30f4b163de6027a818b8eee3bf05c70ca
Opcode Fuzzy Hash: 771f98b88cfe21613d118d3dabfada6a64ef1252e57f37e538248b4e70cc343f
Instruction Fuzzy Hash: 6211AFB2400204AFEB21CF55DE88F97F7ECEF44724F04886BEA459BA51D274E5088BB1

Function 00A3B75D Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 00A3B7D9

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 656973ede49ea03c35d42e9fe8d99407780e11b74471432ce84e2b37bfd9e590
Instruction ID: bc1c15ea9ba266e4f7c691da0874a85cbc751a98dcf1e7862db05a4138e70797
Opcode Fuzzy Hash: 656973ede49ea03c35d42e9fe8d99407780e11b74471432ce84e2b37bfd9e590
Instruction Fuzzy Hash: 7C2181B55093809FD722CB15DC45B62BFF8EF56710F09808AE9848B252D365A908CB71

Function 0641503A Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06415099

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 3f1eacb15a53f70e292266feb84322d84ef7eefbd8566db29d62a304191f8406
Instruction ID: ee4d9bc7ce11a842f93217fa07fefe29d0ab80f12120220771d2d54d2836c368
Opcode Fuzzy Hash: 3f1eacb15a53f70e292266feb84322d84ef7eefbd8566db29d62a304191f8406
Instruction Fuzzy Hash: 5411D3B2500204AFEB218F55DD44BAAFBE8EF45724F04886BE9458B651D375E408CBA1

Function 06410AC6 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,?), ref: 06410B3B

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: c115de38c58659cd8e51b2c0edad2dfc6fe757a86ecb04b7dbaafc9694319ddf
Instruction ID: f463e6f4fbd19108da17389f2807a122ba9ed8a1840bc5650e92988ee7d6ea76
Opcode Fuzzy Hash: c115de38c58659cd8e51b2c0edad2dfc6fe757a86ecb04b7dbaafc9694319ddf
Instruction Fuzzy Hash: 1A21A2755093809FD7128F25DC45A52BFB8EF02614F0D80EBED858F2A3D265A949CB61

Function 064178D6 Relevance: 1.6, APIs: 1, Instructions: 63encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06417932

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 3d869cb3d4c7317f8cdf8e8b5cc1f38ca6e2d82db32ed5667a570a6e2b85a33c
Instruction ID: 44a7a5582b04456298af1d698ce59f2094f77cb9c07fa2f9ba6c12c92ea1034e
Opcode Fuzzy Hash: 3d869cb3d4c7317f8cdf8e8b5cc1f38ca6e2d82db32ed5667a570a6e2b85a33c
Instruction Fuzzy Hash: F9119072500204AFEB218F55DD48BA6F7A8EF44724F14846BED458A651D274E508CAB1

Function 06415496 Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 064154FA

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: d8b820eaf696cbe4d870c8d5ea5ff12f4d5b6fd27d28eba8ced56b12a4886088
Instruction ID: bcf90ad0b97a1a65b6d8e477eaa64336e4b409561c9924d60a9109eac86b6523
Opcode Fuzzy Hash: d8b820eaf696cbe4d870c8d5ea5ff12f4d5b6fd27d28eba8ced56b12a4886088
Instruction Fuzzy Hash: E6118EB2400204AFE721CB55DE88F96B7ECEF44724F04886BE9459B641D674E5488AB1

Function 06416ABE Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06416B1A

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: f8bfc8dd6257fe870c7fc956674fc2b700b74a8a8ec82929b71cdfadb437b5ab
Instruction ID: 60d324e672a0b2a3eb4967428a23fae9684340b5fd54c6c3a0e29e837d60eb04
Opcode Fuzzy Hash: f8bfc8dd6257fe870c7fc956674fc2b700b74a8a8ec82929b71cdfadb437b5ab
Instruction Fuzzy Hash: 41119072500204AFEB218F59DE49BA6F7A8EF44720F04846BE9458F651D374E5088BB1

Function 06418561 Relevance: 1.6, APIs: 1, Instructions: 63windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(?,?,?,?), ref: 064185D5

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: Message
String ID:
API String ID: 2030045667-0
Opcode ID: b7bd49cc870a2240397b4d5c7ec1319408e9ada0cf5c83ca9c3bd3d728966b47
Instruction ID: 72c743910fda2c13541efbd1ae82723a07a5c9cc9852436b58bd46f8f95032e5
Opcode Fuzzy Hash: b7bd49cc870a2240397b4d5c7ec1319408e9ada0cf5c83ca9c3bd3d728966b47
Instruction Fuzzy Hash: 251172B55087809FD722CF25DC44B62FFF8EF56610F08849AED858B252D225E914CB61

Function 00A3B26F Relevance: 1.6, APIs: 1, Instructions: 62threadCOMMON

Download Yara Rule

APIs

EnumThreadWindows.USER32(?,00000E24,?,?), ref: 00A3B2ED

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: EnumThreadWindows
String ID:
API String ID: 2941952884-0
Opcode ID: 35cce9de970db7f4c7332079bd60940b51a01479256e263b8e90d9951612c54f
Instruction ID: 092911bff6f92aec63f0df6a71b5d5a4ab0e1a882f1d327447c75d1aff99ddf2
Opcode Fuzzy Hash: 35cce9de970db7f4c7332079bd60940b51a01479256e263b8e90d9951612c54f
Instruction Fuzzy Hash: FF11E6755443807FD3118B16DC41F76BFB8EF86A24F0985AAEC484BA42D225B919CBA2

Function 064110FC Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 06411169

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: d7fe3827ae16fa072534d52223a33b41722db27014be6c413aea40dfe1722d76
Instruction ID: 6705b2a43d4a50e981afcc0e30a7fd274ee4fb503127edd056a7117f7069f43d
Opcode Fuzzy Hash: d7fe3827ae16fa072534d52223a33b41722db27014be6c413aea40dfe1722d76
Instruction Fuzzy Hash: 8211D6755097C0AFDB228F21DC45A52FFB4EF16210F0884DFED858F563D265A918CB62

Function 06413A96 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06413AEC

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: b7f0bcbeaad436085305dab09329dfc65d2d27b23b4d51e0e2f5e21ffb9ecf87
Instruction ID: 20f2a6c24cd08590749bfe1ec9e7eff4689beb4c699217348cceea959f4b8a9e
Opcode Fuzzy Hash: b7f0bcbeaad436085305dab09329dfc65d2d27b23b4d51e0e2f5e21ffb9ecf87
Instruction Fuzzy Hash: C8119172504205AFEB21CF15DD89BA6BBA8EF44624F0484ABE905CF751D674E508CAA1

Function 00A3A2A3 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A3A30E

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d07e8c004b1f4a3ea0b8a7e7340052cb8a0cc86a5af0f41ca2619d3b04971c4d
Instruction ID: eca146ef6968064c593e7e4eb1722ce23ff50d295f6c3409a20202f1aaf4ca0f
Opcode Fuzzy Hash: d07e8c004b1f4a3ea0b8a7e7340052cb8a0cc86a5af0f41ca2619d3b04971c4d
Instruction Fuzzy Hash: B8118476409380AFDB228F51DC44A62FFF4EF4A710F0884DAED858B562C275A918DB62

Function 06413B50 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,99A66032,00000000,?,?,?,?,?,?,?,?,6C7D3C78), ref: 06413BAC

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: d684e704d904f1d5ce69f611464ce20e50b05e880a3db2a7b5def3e7cd3255fc
Instruction ID: 7063db9d7f146d1a9f4f6cfb63ed5d23fe68ddef9be00f62df9c6765d4f2d69f
Opcode Fuzzy Hash: d684e704d904f1d5ce69f611464ce20e50b05e880a3db2a7b5def3e7cd3255fc
Instruction Fuzzy Hash: 621190715093809FDB12CF25DC84B52BFA8DF06220F0884ABED85CF253E275E908CB62

Function 064113C0 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,?,?,99A66032,00000000,?,?,?,?,?,?,?,?,6C7D3C78), ref: 0641142D

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 3efd381686cdcda1adea3911386e4c725fa9a1a4e75352680f7ad4815711bc57
Instruction ID: fca80de534a190b2327cd51d929b138d16ff5a9260db1c558fef42a4871b9f06
Opcode Fuzzy Hash: 3efd381686cdcda1adea3911386e4c725fa9a1a4e75352680f7ad4815711bc57
Instruction Fuzzy Hash: 6E11AF754097809FDB238B25DC44A52BFB4EF06224F0984DFED858F663C265A908CB62

Function 00A3AB7A Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 00A3ABD9

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: af1663359db6975212442409730eb593522eee474d1a131021d5e3607daeb78c
Instruction ID: 56ef578ff362d3b364074e085c378c5752dd4b867d571431cb20058160c76861
Opcode Fuzzy Hash: af1663359db6975212442409730eb593522eee474d1a131021d5e3607daeb78c
Instruction Fuzzy Hash: E511B272500204AFEB21CF55DD48F96FBE8EF54720F14886BF9459B651C375A848CBB2

Function 064179BE Relevance: 1.6, APIs: 1, Instructions: 59encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06417A1A

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: c225c2635471d9409018bba27392f13173a0dc1420b15695d3bbdcbf9d1d226d
Instruction ID: 99cd9959d06ba6c98c9395a8bdf6985877e90f2a89176fe01fb7813d6c560ca7
Opcode Fuzzy Hash: c225c2635471d9409018bba27392f13173a0dc1420b15695d3bbdcbf9d1d226d
Instruction Fuzzy Hash: 8B118F72500204AFEB21CF55DE88FA6FBA8EF44724F0488ABED459E651D375E5088AB1

Function 0641146D Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 064114D8

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: a6018e1e1537d6ab6b8402e8290d89fca0dd5fe81c9457828c728c45b3ff5d78
Instruction ID: fb390b04caea44e354f1b429ba018fdd9b9fc63de98b112fe7da6e7eb4241a07
Opcode Fuzzy Hash: a6018e1e1537d6ab6b8402e8290d89fca0dd5fe81c9457828c728c45b3ff5d78
Instruction Fuzzy Hash: E3117F754093C09FDB138B25DC44A62BFB4DF47625F0980DAED858F263D2656908CB62

Function 06413D46 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,99A66032,00000000,?,?,?,?,?,?,?,?,6C7D3C78), ref: 06413DAB

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 451a1065bc0d8fc7de068b68d27d306843f2099890971c0330466de91fc2d3be
Instruction ID: 411b9472d1e5e87726d79509e0150007a1b838b0e5475bb2fa736796bacdc269
Opcode Fuzzy Hash: 451a1065bc0d8fc7de068b68d27d306843f2099890971c0330466de91fc2d3be
Instruction Fuzzy Hash: EE1190765087849FD7128F25DC45A52BFB4EF06220F0980DBED858F2A3D275A908DB62

Function 06415126 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 0641517F

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: ecd6af7572f58054a83bc96f1ac3711e9511ceb75b53a5c5ef3d9980817cee5f
Instruction ID: 98f5c5484bed459a64a89292da94b5bc2dde3ce314c0659ca8582a9bc6691001
Opcode Fuzzy Hash: ecd6af7572f58054a83bc96f1ac3711e9511ceb75b53a5c5ef3d9980817cee5f
Instruction Fuzzy Hash: 9411A7B29002049FE721CF55DD44B96FBE8EF44724F04C467E9459F741C375A508CAB1

Function 064139C6 Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06413A1C

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: 8b0dc0fa65c3b0df3b4dd3efb74edde626d4492a920585e028425263b7b8fa55
Instruction ID: 6bd53c5434f3efb32b5df2882373d5e13ee9f20ef3716fbe66ec8038c0468618
Opcode Fuzzy Hash: 8b0dc0fa65c3b0df3b4dd3efb74edde626d4492a920585e028425263b7b8fa55
Instruction Fuzzy Hash: 5F117072504204AFEB21CF15DE88BA6BBE8EF44724F1484A7ED449F751D274A5098AA1

Function 064166D2 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 06416731

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: d9a7e422b14867bf56562721a96d021c23e9ede1b13d86508aa71239beb8098c
Instruction ID: 43ebc743765bb103b2fe9ab86cce97900904e04590976e5b9a247438125dc19b
Opcode Fuzzy Hash: d9a7e422b14867bf56562721a96d021c23e9ede1b13d86508aa71239beb8098c
Instruction Fuzzy Hash: 4311A076500204AFEB219F15DE88FA6FBA8EF44724F05845BEE454A751D374E508CAB1

Function 06413CA4 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,99A66032,00000000,?,?,?,?,?,?,?,?,6C7D3C78), ref: 06413D08

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: cfcf165e7adb15b5ae763188148cb38aa18569d1dd280e7b4b409387943a0d63
Instruction ID: e80329f5d79987da0a03320e8808e1534ada5e15895348ecc1e96ee62b39cd45
Opcode Fuzzy Hash: cfcf165e7adb15b5ae763188148cb38aa18569d1dd280e7b4b409387943a0d63
Instruction Fuzzy Hash: EF1160714093C0AFDB12CF25DD85652BFB4EF46220F0988EBDD859F263D279A948CB61

Function 0641557A Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 064155D3

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: 1dfd31e391d203750683536910450287a7943017bb63877dd4afccf99c74fa26
Instruction ID: ee5503a72ddc705d1a3709fc4c425e3fb985d15ff40dd4b86227832d13b8dfbb
Opcode Fuzzy Hash: 1dfd31e391d203750683536910450287a7943017bb63877dd4afccf99c74fa26
Instruction Fuzzy Hash: A611C2B6500204AFE7218F05DD44FA6F7E8EF44724F04846BED454B751D374E508CAB1

Function 00A3AFA3 Relevance: 1.6, APIs: 1, Instructions: 54comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 00A3B004

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 1257a053795197dafbca3cdb518535e68c156c44cc17c92afcf114ab3324020e
Instruction ID: a76cc8585af175dc4c8169d4384dfef6b1c0d297c2a89279a8caed7ef2299925
Opcode Fuzzy Hash: 1257a053795197dafbca3cdb518535e68c156c44cc17c92afcf114ab3324020e
Instruction Fuzzy Hash: 98116D714493809FDB12CF15DC49B52BFB4EF46325F0884DAED898F293D275A948CB62

Function 00A3A078 Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,?), ref: 00A3A0D5

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 8c0094e7edbf6ad9dc829cf485108f3dd054759270b64eb4b8cb6fcb5e92c033
Instruction ID: c278d3563e8bafa38d2d8757c3fdb732d16235fab88ddb5e488391574f06cca1
Opcode Fuzzy Hash: 8c0094e7edbf6ad9dc829cf485108f3dd054759270b64eb4b8cb6fcb5e92c033
Instruction Fuzzy Hash: 8311C172408380AFDB22CF11DC44B52FFF4EF56320F0884AAED848B162C275A908CB62

Function 0641625A Relevance: 1.6, APIs: 1, Instructions: 53networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 064162B0

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: f643029e2b63762bca0cb517ca714d5ee0efde9fe10ff8cd96a7a994334c7dcf
Instruction ID: 6699200987dc8b47a665da89b706cd0ce0010457d616384b7488345ad5147c13
Opcode Fuzzy Hash: f643029e2b63762bca0cb517ca714d5ee0efde9fe10ff8cd96a7a994334c7dcf
Instruction Fuzzy Hash: BA01A172500204AFEB219F05DD88BA6F7A8EF44624F1584A7ED049F751D2B4E5088AA1

Function 06410FB8 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,99A66032,00000000,?,?,?,?,?,?,?,?,6C7D3C78), ref: 06411013

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: af495e7030aae04ce80517816108849e5c39dd972d7077a9eb0543cd2efa3296
Instruction ID: 38b4f41199316c9a1c58eae325603bb9f0e9e3aa9b8402998b4c8f608e9107af
Opcode Fuzzy Hash: af495e7030aae04ce80517816108849e5c39dd972d7077a9eb0543cd2efa3296
Instruction Fuzzy Hash: 8211C6765047809FD7218F15DC85A52FFF4EF06320F09809EED858B663D275A958CB61

Function 06413836 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(?,?,99A66032,00000000,?,?,?,?,?,?,?,?,6C7D3C78), ref: 0641387B

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: db2fa0d2858b2b72232d5a83afb12c41ff3f2e96d59e11ff286560571c194524
Instruction ID: 2134c505a5dc39c23941228e239cb6661ee8f59930284689b115fe71e0a4dc8c
Opcode Fuzzy Hash: db2fa0d2858b2b72232d5a83afb12c41ff3f2e96d59e11ff286560571c194524
Instruction Fuzzy Hash: B6118E71A002408FEB51CF1AD988B56FBE8EF44620F08C4AAED49CF342D274E408CBA1

Function 06412B16 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 06412B67

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: d5b31d6c6c6372220f7eda84a05cd14fda52eee1ff57cee1b4da633e72c86ad2
Instruction ID: f74324ba2be4034ed5816b83f6bd963b2677c5a66153c9eabd93521c9f5ab563
Opcode Fuzzy Hash: d5b31d6c6c6372220f7eda84a05cd14fda52eee1ff57cee1b4da633e72c86ad2
Instruction Fuzzy Hash: AA114C759002049FEB61CF55D944B63FBE8EF04620F0884AAED49CF752D375E544CAA1

Function 00A3A7FA Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E24,99A66032,00000000,00000000,00000000,00000000), ref: 00A3A84D

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 412d198311273ffa99220e76f42b22ca37551ed833f2223483ced891c9c06198
Instruction ID: afc6eeb198352c7aecb9d26b5feec81f56676728952ac4e4c3dcf55293494bf5
Opcode Fuzzy Hash: 412d198311273ffa99220e76f42b22ca37551ed833f2223483ced891c9c06198
Instruction Fuzzy Hash: A701C472500204AFE720CF15DD89BA6F7ACEF54724F14C4A7FD448B751C674E9098AA2

Function 06410C28 Relevance: 1.6, APIs: 1, Instructions: 50timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,?,?,?), ref: 06410C85

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: 36787269acf71353ca705cb0412e8d2dc99b38ce1d45a99b6ae2c8825be01d77
Instruction ID: f47e4fd3517d9baaa87fb7e2f7745a3d16bced8d32c591e32b8dab7062405617
Opcode Fuzzy Hash: 36787269acf71353ca705cb0412e8d2dc99b38ce1d45a99b6ae2c8825be01d77
Instruction Fuzzy Hash: 9D11A071408380AFDB228F15DC44A62FFB4EF46220F09C49EED844B662D275A958CB61

Function 064167A6 Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 064167F2

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 625e20973d4a97e6c3192c22c1db5943e4096c2c1b494ded14faf4ccfc182779
Instruction ID: 533aa2d28a81fb364983e600b931cc6c7d997c32b7184f3ca1a8e152d8b4444e
Opcode Fuzzy Hash: 625e20973d4a97e6c3192c22c1db5943e4096c2c1b494ded14faf4ccfc182779
Instruction Fuzzy Hash: 42117C369002009FEB21CF55D948B52FBE4FF08720F09C8AAED458F662D335E418CBA1

Function 00A3BD82 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

GetClassInfoW.USER32(?,?,?), ref: 00A3BDCA

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: ClassInfo
String ID:
API String ID: 3534257612-0
Opcode ID: 65a3b5567a9899d0e896aa14a05564edf0bb2d2d9212988cfe0d977d15242074
Instruction ID: e0de50925c9b2e0bb34eb9c828df2001c2d806764877a819813d64ff82882697
Opcode Fuzzy Hash: 65a3b5567a9899d0e896aa14a05564edf0bb2d2d9212988cfe0d977d15242074
Instruction Fuzzy Hash: 250184766102008FEB10CF1AD984B66FBE8EF44760F08C0AAEE458B751D375E908CB72

Function 00A3B114 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 00A3B16E

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 3a3a84b0384d0cf0e019d52d52f004b322aaa2f72128bccc3222ac5b62d23507
Instruction ID: d7ea900d4830e49764b3f3a9e32654bf39242284626d6856364462908514910e
Opcode Fuzzy Hash: 3a3a84b0384d0cf0e019d52d52f004b322aaa2f72128bccc3222ac5b62d23507
Instruction Fuzzy Hash: 8E115A764087849FD7218F15DC85A52FFF4EF46320F09859AEE854B262C275A918CBA2

Function 06416CC6 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

K32GetModuleBaseNameW.KERNEL32(?,00000E24,?,?), ref: 06416D16

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: BaseModuleName
String ID:
API String ID: 595626670-0
Opcode ID: 9b5814d7ff49078facea9becba7d1c2133b57a577994eee4a56f069beae1bd62
Instruction ID: fb30bcdc92876010025ae54f12012b2ef689ae4d2c0e784635c249408e7850a8
Opcode Fuzzy Hash: 9b5814d7ff49078facea9becba7d1c2133b57a577994eee4a56f069beae1bd62
Instruction Fuzzy Hash: 41017175900200AFD320DF16DD45B66FBE8FB88B20F14856AED089BB41D371B915CBE6

Function 06413B72 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,99A66032,00000000,?,?,?,?,?,?,?,?,6C7D3C78), ref: 06413BAC

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 191c95e968e98c41dd5e7ae65a94a0830b94cc2e36ebbb93e241a31bf5d473e2
Instruction ID: cd07ceaddeeafb944614af240cbd930edc3a0efd5aa0ad61efbd0c729264a5d4
Opcode Fuzzy Hash: 191c95e968e98c41dd5e7ae65a94a0830b94cc2e36ebbb93e241a31bf5d473e2
Instruction Fuzzy Hash: B301B176A046008FEB51CF29D988766FBD8EF40620F08C4ABED49CF742E275E404CBA1

Function 064153EE Relevance: 1.5, APIs: 1, Instructions: 47encryptionCOMMON

Download Yara Rule

APIs

CertGetCertificateChain.CRYPT32(?,00000E24,?,?), ref: 0641543E

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CertCertificateChain
String ID:
API String ID: 3019455780-0
Opcode ID: 8b8724025e54aec50d41af6409e56009869655c230732378ddd446052ad0fe65
Instruction ID: f17c4faaa1c6dd8518eb113acb920b0c559e3e40a0c2eff6fc55ff7168a76bd6
Opcode Fuzzy Hash: 8b8724025e54aec50d41af6409e56009869655c230732378ddd446052ad0fe65
Instruction Fuzzy Hash: 67017175900200AFD320DF16DD45B66FBE8FB88B20F14856AED089BB41D371B915CBE6

Function 0641858A Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(?,?,?,?), ref: 064185D5

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: Message
String ID:
API String ID: 2030045667-0
Opcode ID: 4f497f015393c0b43fa4d1b73527af700c2cafbfcf1cc221b61eb944034db0db
Instruction ID: 88c2c1363f163257f3f66174e148851c01671708bef76cec90c5ddc857845b9b
Opcode Fuzzy Hash: 4f497f015393c0b43fa4d1b73527af700c2cafbfcf1cc221b61eb944034db0db
Instruction Fuzzy Hash: 9D015276900640DFEB61DF15DD85B62FBE8EF54620F08C09ADD468B752D375E404CAB2

Function 00A3B78E Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 00A3B7D9

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: a3b11c16f9ef9d6c9bdac0d1adea92d502afc01154c070218e5cdeaab4125df1
Instruction ID: bc7d27f2302c3f7d498d8f453e315d00e35b8bed5cf2ba27f43cf87a55c95a31
Opcode Fuzzy Hash: a3b11c16f9ef9d6c9bdac0d1adea92d502afc01154c070218e5cdeaab4125df1
Instruction Fuzzy Hash: 540192765112009FEB20CF15D985B62FBE8EF54720F08C099EE458B751D374E808CBB1

Function 00A3A2CA Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A3A30E

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: dab87539074a9a4d6b1da16d77667c2be8be83959fbc52c21a49b2d65ee6d862
Instruction ID: b39ac64351376bfca4e2eba08129893d11c78e0649b60d7160d78055257de8bc
Opcode Fuzzy Hash: dab87539074a9a4d6b1da16d77667c2be8be83959fbc52c21a49b2d65ee6d862
Instruction Fuzzy Hash: 5601AD364003009FDB20CF55D948B52FBE0EF58720F08C8AAEE8A4A611C336E418DFA2

Function 06410AFE Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,?), ref: 06410B3B

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 182f4df8f68cd79206821e69a6c0abf75b60bdaa1602220d9d59705b43959355
Instruction ID: 9f431e6d9804b924007b64619da8a322983ad9674ca5b55040ce31e17877df64
Opcode Fuzzy Hash: 182f4df8f68cd79206821e69a6c0abf75b60bdaa1602220d9d59705b43959355
Instruction Fuzzy Hash: 5C018476A00240CFE7508F56D985762FBE8EF44A24F08C0ABED458F751D675E948CAA2

Function 06410656 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E24,?,?), ref: 064106A6

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: 2017204bf3594d894b9c3c36e5bbec39d6a5b25196631642c623fb973cf1e8cb
Instruction ID: d358d72551da550b5b70de93655dd8f4aeacd17f737c5fbb6d5c3a771596b05f
Opcode Fuzzy Hash: 2017204bf3594d894b9c3c36e5bbec39d6a5b25196631642c623fb973cf1e8cb
Instruction Fuzzy Hash: 9F016275540200ABD220DF1ADD46B66FBE8FB88B24F14816AED085BB41D371F915CBE6

Function 064144E6 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 06414524

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: ead7d7a17b128111b10d50a1a5144c5eb2453c8e616138f807f0fb465801bda7
Instruction ID: 3b3ba41317f0ca871c220f37641155cc66e8616942bfb21dc60d23b3e6354f69
Opcode Fuzzy Hash: ead7d7a17b128111b10d50a1a5144c5eb2453c8e616138f807f0fb465801bda7
Instruction Fuzzy Hash: 0C0192724002409FDB21CF55D948B66FBE4EF44720F08C4AAEE494F611D375E418CBA2

Function 0641129A Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,?,?,?), ref: 064112D8

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: b67dbc242579c48ca96f88c916044775f747d832a73c82cfa68a9fcc86faa79f
Instruction ID: 5fa1f4b8a8c2197a801cfc91f869b546813e144c4b4f22eed99f1d7adb550896
Opcode Fuzzy Hash: b67dbc242579c48ca96f88c916044775f747d832a73c82cfa68a9fcc86faa79f
Instruction Fuzzy Hash: 0A0192365006049FEB618F15D988B56FBE4EF05220F08C49AEE454BB55D375E418DBA1

Function 06413FFE Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 0641404E

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 7417e31ce27076243d5d28dc825bfae4cc5aa7e738b27a7c093bdb954d314d8c
Instruction ID: 46a02f98226fa23fff20ed60fbf9c71f1c8f6f714692fd94ba95baf5ef520a37
Opcode Fuzzy Hash: 7417e31ce27076243d5d28dc825bfae4cc5aa7e738b27a7c093bdb954d314d8c
Instruction Fuzzy Hash: E101A275500200ABD220DF1ACD42B26FBE8FB88B20F14816AEC085BB41D371F915CBE6

Function 00A3B2A2 Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON

Download Yara Rule

APIs

EnumThreadWindows.USER32(?,00000E24,?,?), ref: 00A3B2ED

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: EnumThreadWindows
String ID:
API String ID: 2941952884-0
Opcode ID: f4d3a3f82cc0143035bc906f31283d13458a9a4de012168135fda39e95d9c236
Instruction ID: 5f70544ab44bc4678aea1c3c23b2f3b23aea6be84fdd1abd2cb314e8951cac3d
Opcode Fuzzy Hash: f4d3a3f82cc0143035bc906f31283d13458a9a4de012168135fda39e95d9c236
Instruction Fuzzy Hash: 1201A275500200ABD220DF1ACD42B26FBE8FB88B20F14816AEC085BB41D371F915CBE6

Function 00A3A46E Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E24,?,?), ref: 00A3A4BE

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: b92e4c8334ef8fcee08b84bb8c42dcb24f35173b1464c88dfe84bd253ae63c5a
Instruction ID: 3ec70b4a9262ce1df32f615c67e204e164ac4d139a453b96931fc06384b544e6
Opcode Fuzzy Hash: b92e4c8334ef8fcee08b84bb8c42dcb24f35173b1464c88dfe84bd253ae63c5a
Instruction Fuzzy Hash: C401A275500200ABD220DF1ACD42B26FBE8FB88A20F148169EC085BB41D371F915CBE6

Function 0641112E Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 06411169

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: da1d1edb32b9808d2c30dbdda3b37e18faa5ba343d39320bdfbd346c0c2c2442
Instruction ID: 1d7651b3f9347b173681d7895aa31170628609716114541cf47522dd996c35a9
Opcode Fuzzy Hash: da1d1edb32b9808d2c30dbdda3b37e18faa5ba343d39320bdfbd346c0c2c2442
Instruction Fuzzy Hash: 8301B1369006008FEB218F15D884B66FFE4EF18220F08C09AEE454B761C275E418CFA1

Function 064113F2 Relevance: 1.5, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,?,?,99A66032,00000000,?,?,?,?,?,?,?,?,6C7D3C78), ref: 0641142D

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 7d24f0073008d08cbea9872be4f982ceefce2263284b7bb8a71c8310fa01724b
Instruction ID: ed0d2cb81e34b597d68c5078a6b3efa7ee8326187b99b0284a4df384157d316e
Opcode Fuzzy Hash: 7d24f0073008d08cbea9872be4f982ceefce2263284b7bb8a71c8310fa01724b
Instruction Fuzzy Hash: 33017136500600DFEB61CF15D984B66FBE4EF44624F08C09AEE4A4B761D375E458CFA1

Function 06413D76 Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,99A66032,00000000,?,?,?,?,?,?,?,?,6C7D3C78), ref: 06413DAB

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 144f4211164ed6eeeaa370a1326c791e668dcb8cd48f17e710fcb11c798d3786
Instruction ID: 00bbfd0f8f9d4bf06f737b9a3f3bc8fd4e38b2e14e3e080c50f956dc7fa92c35
Opcode Fuzzy Hash: 144f4211164ed6eeeaa370a1326c791e668dcb8cd48f17e710fcb11c798d3786
Instruction Fuzzy Hash: 2601D636600644CFEB618F16D989752FBE4EF44620F08C0ABDD464F756C375E408CEA2

Function 06410FDE Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,99A66032,00000000,?,?,?,?,?,?,?,?,6C7D3C78), ref: 06411013

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 022bf8937572e2fed2f701809e5ceed8f99eba34ddcafca9af2d8f9062cf3eab
Instruction ID: 6e4ab9488a93d91f1cc888b27d363b1abc588af59318a891467c77b7b968fac7
Opcode Fuzzy Hash: 022bf8937572e2fed2f701809e5ceed8f99eba34ddcafca9af2d8f9062cf3eab
Instruction Fuzzy Hash: B401A2369002408FEB608F15D988756FFE4EF45720F08C0ABDE494FB52C275E958CBA2

Function 06411352 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,99A66032,00000000,?,?,?,?,?,?,?,?,6C7D3C78), ref: 06411384

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: f7bf668de56069a433f2cdc0d13f00636b7945c6af32fdb576f3742f625ff898
Instruction ID: 4fe206813a6560f978e4f70cce59cc8c22177e26f66b7fc2de1b2a9fb68ad4c5
Opcode Fuzzy Hash: f7bf668de56069a433f2cdc0d13f00636b7945c6af32fdb576f3742f625ff898
Instruction Fuzzy Hash: 4A01D6755002448FE7508F15D988752FBE4EF44620F08C0ABDE458FF55D274E448CAA2

Function 00A3AFD2 Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 00A3B004

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 1695af259a20a8860b2fcb8f31f3f312f6c44955ac39dffeea93b825586a415e
Instruction ID: 00df67c9f7a8314ae822c50815e179c959a7336112fbfb8f5c8b97bd7b570a3e
Opcode Fuzzy Hash: 1695af259a20a8860b2fcb8f31f3f312f6c44955ac39dffeea93b825586a415e
Instruction Fuzzy Hash: E101AD758002409FDB10CF15D988766FBE4EF45724F08C4AAEE488F352D379E948CAA2

Function 06410C4A Relevance: 1.5, APIs: 1, Instructions: 38timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,?,?,?), ref: 06410C85

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: e11e55a333fa332579f2e8cb3f3e58ba28214468ef392710e58becc7a7f3d012
Instruction ID: 513f0ba8c239f7fcad0c831db4d76c823c60af678472d542a390f111ecaa989b
Opcode Fuzzy Hash: e11e55a333fa332579f2e8cb3f3e58ba28214468ef392710e58becc7a7f3d012
Instruction Fuzzy Hash: 80017C368002409FEB618F05D988B62FBE0EF44720F08C09ADD490B762D775A458CEA2

Function 00A3B136 Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 00A3B16E

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 748fb5c4f2536e8c54f3f95d89423d086d153241a3c600dfddedeba468816cfb
Instruction ID: c63136b21a74b5a4da944fcf55ffb29d6ace07f4ae72b404f795213a413b5a9c
Opcode Fuzzy Hash: 748fb5c4f2536e8c54f3f95d89423d086d153241a3c600dfddedeba468816cfb
Instruction Fuzzy Hash: 4501AD368006448FDB208F05D988B52FBE1EF44720F08C1AAEE450B762C3B5E908DAB2

Function 064114A6 Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 064114D8

Memory Dump Source

Source File: 00000011.00000002.2427958018.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_6410000_OmGui.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 3b4cc2f777d03d37eecc96210c3aeba57ffc18baa40025a16769da1d7f1a750c
Instruction ID: f5da7c81024342f987551787a9b62d42a841ad13738c8d8098eb30bda69378ce
Opcode Fuzzy Hash: 3b4cc2f777d03d37eecc96210c3aeba57ffc18baa40025a16769da1d7f1a750c
Instruction Fuzzy Hash: 75F0A4359006409FEB60CF05D989761FBE4EF45635F08C09ADE454F752D279E508CAA2

Function 00A3A5A2 Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,99A66032,00000000,?,?,?,?,?,?,?,?,6C7D3C78), ref: 00A3A5D4

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: e7fb9dc652a5e45fa98a6859e1fc8deab6848d281f370d3df74e5a5ba2b476ff
Instruction ID: 55c25b45d081380e245b8d9f08f6621aaad277fd0ad1af45adda5fe0c57f574f
Opcode Fuzzy Hash: e7fb9dc652a5e45fa98a6859e1fc8deab6848d281f370d3df74e5a5ba2b476ff
Instruction Fuzzy Hash: 02F0AF75540240DFDB20CF05D988B61FBE4EF54724F08C0AAED894B756D279E948CAA2

Function 0792B8FB Relevance: 1.5, Strings: 1, Instructions: 282COMMON

Download Yara Rule

Strings

W, xrefs: 0792B8FD

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: 1cafe43e4ae718e1cf83e9751e6f4589993eec7aa8f36c1c9d1125a99386981c
Instruction ID: 33c97c21993c3d9d7f250ec57e4b5ad6b6051509122a1b4719a08239228cdd94
Opcode Fuzzy Hash: 1cafe43e4ae718e1cf83e9751e6f4589993eec7aa8f36c1c9d1125a99386981c
Instruction Fuzzy Hash: D7C160B5A00629CFCB24DF68C840B9DB7F1BF49318F248699D819AB365E731AD46CF50

Function 0792C330 Relevance: 1.4, Strings: 1, Instructions: 178COMMON

Download Yara Rule

Strings

\, xrefs: 0792C3D3

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID: \
API String ID: 0-2967466578
Opcode ID: 497e8c1936d6e7b8daece81fb2b18f6a6ceb73a2e24ede7d9905c400d8e5b0af
Instruction ID: 200a27a5e375e1656384f932c82c1ff1835262df20157dd27699753752492b69
Opcode Fuzzy Hash: 497e8c1936d6e7b8daece81fb2b18f6a6ceb73a2e24ede7d9905c400d8e5b0af
Instruction Fuzzy Hash: 67613A35701210DFCB58EB34D45976E33A7AB99319B29442DE406CB7A8DF79AC42DB40

Function 07F33760 Relevance: 1.4, Strings: 1, Instructions: 174COMMON

Download Yara Rule

Strings

Tqk, xrefs: 07F33838

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID: Tqk
API String ID: 0-695902811
Opcode ID: c9c2c89db5ab9704383865d291e38cc8370b8bb20ff5a17ae77b67e8bacfd48a
Instruction ID: be593764a926fcc81720de9f45a4768f3522a60607f14a4b2926c1cbacc920ee
Opcode Fuzzy Hash: c9c2c89db5ab9704383865d291e38cc8370b8bb20ff5a17ae77b67e8bacfd48a
Instruction Fuzzy Hash: 4D611875A01204CFDB54DF68C088AADB7F2AF89314F2984B9E809EB751DB31EC46CB41

Function 07924CC0 Relevance: 1.4, Strings: 1, Instructions: 166COMMON

Download Yara Rule

Strings

d, xrefs: 07924CE4

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 6241e3da5ea49edcb1445554660a2a90d93040bd2de3ef1398612a8f2caf5a86
Instruction ID: f770d119bacd72e1f15a9162bed0b5137baa24c1ce4d76dbac85fcb329e210ba
Opcode Fuzzy Hash: 6241e3da5ea49edcb1445554660a2a90d93040bd2de3ef1398612a8f2caf5a86
Instruction Fuzzy Hash: 59517470704255DFEB18AB78C4087AD3BA2EF81204F14847AE906CB7A4CF31EC46DB52

Function 07927D38 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

,`k, xrefs: 07927D59

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID: ,`k
API String ID: 0-2475398085
Opcode ID: 603cf4035549245370eaed6d5bcf48ef34518e0b19286fe3bf56830fb87ab429
Instruction ID: 17b1c170a7328bd4a07f3d15ed613067c1a86f02674d546fe9fd71bc6a9f270d
Opcode Fuzzy Hash: 603cf4035549245370eaed6d5bcf48ef34518e0b19286fe3bf56830fb87ab429
Instruction Fuzzy Hash: 5E4120707082118FDB19AB78C8156AE7BE2EF89254B24083ED106D7391EF359C068BA2

Function 079217E7 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

T$k, xrefs: 07921827

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID: T$k
API String ID: 0-3649692384
Opcode ID: 810a21d061f2157892a08f35650132e036032842f0b7b3ee5ab1615679fa6c0d
Instruction ID: 5f2c6090d755d561e6813eca989b2dc50432637657eb78cc6a453d418086a292
Opcode Fuzzy Hash: 810a21d061f2157892a08f35650132e036032842f0b7b3ee5ab1615679fa6c0d
Instruction Fuzzy Hash: 4A31AA31B002198BEB146AB984143EE7BEACBC1359F04443BD941DB3C1DFB88C4693A2

Function 07925B58 Relevance: 1.3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

Strings

", xrefs: 07925B7E

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 03c89a3c2488b613a82174f4e7180a89af201531e37d9217d2279f1e19c74e47
Instruction ID: 92bb39a16fd369d97d39e1a6deafca24854915b4614f503e8578eb590b8220f4
Opcode Fuzzy Hash: 03c89a3c2488b613a82174f4e7180a89af201531e37d9217d2279f1e19c74e47
Instruction Fuzzy Hash: 3731B1B4B002158FCB14EF69C488A6EBBF6FF89318F2540A9D402DB365DB709D06CB91

Function 07F3374F Relevance: 1.3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

W, xrefs: 07F3375D

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: db44f37c4c060eb5fe22fb0aafc5871ce84722e897d74f399f91763488a0333f
Instruction ID: 3f76aee2c3ea819b66450999b9031086e8543e4477a3360815902e7a67e45c21
Opcode Fuzzy Hash: db44f37c4c060eb5fe22fb0aafc5871ce84722e897d74f399f91763488a0333f
Instruction Fuzzy Hash: 63313A75A05609DFDB04CFA8C4846AEBBF2BF49314F248469E805EB251D771ED82CB80

Function 07F35740 Relevance: 1.3, Instructions: 1325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0b63a909f1f5f6f21186de63210e4ce30d100d8dd5aa4a525a99d260d8fb746
Instruction ID: 53d06c31750a8347d1d57e3bbf4ba26a4ffebf485844efff703e6d5456b4db1f
Opcode Fuzzy Hash: a0b63a909f1f5f6f21186de63210e4ce30d100d8dd5aa4a525a99d260d8fb746
Instruction Fuzzy Hash: 68E23871A10228DFCB269F20C949ADDBBB6FF45304F4684E8D18967265CB359FA8CF41

Function 00A3A70C Relevance: 1.3, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,99A66032,00000000,?,?,?,?,?,?,?,?,6C7D3C78), ref: 00A3A780

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: db5116c75c2ac905cc5c5d4fa8f87cc0f30aac3f7511b6143a48fe141365e9ef
Instruction ID: 67e636b97e5aaf3ca5bc07cfd6079c1ed58e5e9f808a4031dc68240dff65997e
Opcode Fuzzy Hash: db5116c75c2ac905cc5c5d4fa8f87cc0f30aac3f7511b6143a48fe141365e9ef
Instruction Fuzzy Hash: 8E21D7B54093C05FD7128B25DC95651BFB8EF17320F0984DBED858F2A3D2755904CB62

Function 07925B48 Relevance: 1.3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

", xrefs: 07925B7E

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: d05d0fba4cb38e13a7723a28c1085f09eaa2ad8970711b4610c52c2fa94fbf3f
Instruction ID: 8da8fff5abfac4665dd44d21377599c708fc8b9c8b076dd65d2b7ddb7065ecf9
Opcode Fuzzy Hash: d05d0fba4cb38e13a7723a28c1085f09eaa2ad8970711b4610c52c2fa94fbf3f
Instruction Fuzzy Hash: 6621BCB5B002159FCF14EB69D8489BEB7FAEF85324B1500AAD005DB361DB709D16CBE2

Function 07F3326D Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

W, xrefs: 07F3326D

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: 56f2dffb100bdc571507623aa4014694b5ebcc9fc0329914496815fe81ec8483
Instruction ID: 78097842a68c81d2fc1f62e2b3a5240b0f102b25fa0abff2065c108d44df9ed8
Opcode Fuzzy Hash: 56f2dffb100bdc571507623aa4014694b5ebcc9fc0329914496815fe81ec8483
Instruction Fuzzy Hash: 3A11A7367406208BD765AA3C941035AB2DBABCC358F2954BDC905E73C4DFB99C038B95

Function 07F3573F Relevance: 1.3, Instructions: 1302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abb5687c022ef360c68aa5725ea8b8a06b1a61ee77f44ed26faf883fb45b2109
Instruction ID: 68e1604bb2711755aaacd4c90c8b6a57b0d9e2e08e726d7de49736f28bcfc176
Opcode Fuzzy Hash: abb5687c022ef360c68aa5725ea8b8a06b1a61ee77f44ed26faf883fb45b2109
Instruction Fuzzy Hash: A3D23871A10228DFCB269F20C949ADDBBB6FF45304F4684E8D18967265CB359FA8CF41

Function 00A3A74E Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,99A66032,00000000,?,?,?,?,?,?,?,?,6C7D3C78), ref: 00A3A780

Memory Dump Source

Source File: 00000011.00000002.2415280988.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a3a000_OmGui.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 485de728c7fc4a05741c1605e38760c6818b9a766eb6bc4d02fd7ca26c6d0d1f
Instruction ID: 34e1e699331e7a5d892ac8ac5379cc763846e3481dba7ebade33d982bf8b5c2a
Opcode Fuzzy Hash: 485de728c7fc4a05741c1605e38760c6818b9a766eb6bc4d02fd7ca26c6d0d1f
Instruction Fuzzy Hash: 87018F765002408FEB10CF15D989766FBE4EF55720F08C4ABED89CB752D275E848CAA2

Function 07F35190 Relevance: 1.3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

Strings

W, xrefs: 07F3519D

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: e8cf375e035e00c4cfd901f96e7b7cbe38dcd9d58012ece9e2f8e2872a447781
Instruction ID: 42beb10bd788bd7fc4d4dc4146aee7a7de862d22cfad58181e39d9585fdb2053
Opcode Fuzzy Hash: e8cf375e035e00c4cfd901f96e7b7cbe38dcd9d58012ece9e2f8e2872a447781
Instruction Fuzzy Hash: 3EF0A03270A6048FC3059A7D94544AAF7E7FFCA225B1540BAE80DC7722CE315C06C780

Function 07926798 Relevance: .5, Instructions: 503COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ab2dbc89f383da7bfe78654fac03288012bcc51af8538e2297c1bee87fdc163
Instruction ID: 1a5587e48d7f10dc35fb8f20e08639afa3cf6fe91e768ba1ffea1cd48d7e67cd
Opcode Fuzzy Hash: 1ab2dbc89f383da7bfe78654fac03288012bcc51af8538e2297c1bee87fdc163
Instruction Fuzzy Hash: 9A2249B5A00229CFDB21DFA9C580AADBBF5FF48304F24816AE851A7B55D730E942DF50

Function 07925360 Relevance: .5, Instructions: 501COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f115c58c7e133c676bcf252ddd1654e5a6fcddc732717eea7b6ccd5431765f21
Instruction ID: 47fdea1d271b5cebff938b236a42b8c6e207fc0903c8edc79c5c6f2c4ec7a83c
Opcode Fuzzy Hash: f115c58c7e133c676bcf252ddd1654e5a6fcddc732717eea7b6ccd5431765f21
Instruction Fuzzy Hash: 1E220874A00615DFCB14DFA4C088A6DBBF2FF89319B2181A9E8168B755DB31EC56CF81

Function 07F378D7 Relevance: .5, Instructions: 479COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c4cfcdb6abe5401a1f8e9cc1e89fe213f516a3fa48a00c78b70f4f3a7b727b0
Instruction ID: c7266143241081f17993e3b5c8c5f2897ff4c2c269c13aa952812811deff1aa8
Opcode Fuzzy Hash: 2c4cfcdb6abe5401a1f8e9cc1e89fe213f516a3fa48a00c78b70f4f3a7b727b0
Instruction Fuzzy Hash: 58122974A00215CFCB25DB34C984BEEB7B6AF88304F1188A9D94AA7354DF349E99DF50

Function 07F36F17 Relevance: .5, Instructions: 477COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71d328d214f278ff224c33b8dc348430ddb7871a3b8c50cb9fc5f27e27c88bfd
Instruction ID: fb6af59330569c7d28032f7972ca0918c515e0b0ee492f2820ea04d882065b23
Opcode Fuzzy Hash: 71d328d214f278ff224c33b8dc348430ddb7871a3b8c50cb9fc5f27e27c88bfd
Instruction Fuzzy Hash: AE127A36A00618EFCF159FA4C948ACDBBB2FF48304F1584E9E249AB271DB359A55DF40

Function 07F36F18 Relevance: .5, Instructions: 476COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45d6037450ff2e56e4a22dc69a7c7f565c6bb4f75d02caaf000926ca610dd4c2
Instruction ID: f00747db0431ea0e166acca00b5f41e33bde5926b4ba6154d6579d0db056dda8
Opcode Fuzzy Hash: 45d6037450ff2e56e4a22dc69a7c7f565c6bb4f75d02caaf000926ca610dd4c2
Instruction Fuzzy Hash: 62127A36A00618EFCF159FA4C948ACDBBB2FF48304F1584E9E249AB271DB359A55DF40

Function 01135113 Relevance: .5, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2417920975.0000000001134000.00000040.00000020.00020000.00000000.sdmp, Offset: 01134000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1134000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66cbf319ee1523ca18302e86c091c694820c4b1dd2580c203415358fd9fb0a92
Instruction ID: ad4af1625b0b61d6e6d65a2fcb47016f321acbc1a5017012d87827f76214ed8e
Opcode Fuzzy Hash: 66cbf319ee1523ca18302e86c091c694820c4b1dd2580c203415358fd9fb0a92
Instruction Fuzzy Hash: BC91C17544E3C15FC7038B349CA0A967FB4AF57624F1A81DBE880CF2A7D269590AC772

Function 079204B8 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afe09e6be02fd694c0fd764b8a80c10e723052314cd2a6f086cda4aad0eed34a
Instruction ID: 667be4ee25b1ea6cd723174cb16793c4799598117d0892dc40ccafeae0c25a6e
Opcode Fuzzy Hash: afe09e6be02fd694c0fd764b8a80c10e723052314cd2a6f086cda4aad0eed34a
Instruction Fuzzy Hash: 49E11A74A0122ACFEB64DF64D998F99BBB2FF48304F11859AD409A73A5CB309D85CF50

Function 0792452F Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b59a361673ee15713a7c52a9e73256d40fe6567e5e833e9c2b766a3364c42f8
Instruction ID: e17395ee32946351fe44d72b3306e2575fa3c558448fa6f42b8bdc11fbe78984
Opcode Fuzzy Hash: 5b59a361673ee15713a7c52a9e73256d40fe6567e5e833e9c2b766a3364c42f8
Instruction Fuzzy Hash: 47E118B4A00229CFDB64DF64C988B9DB7B2FF89304F1481A9D559A7365CB319E82DF40

Function 07928C60 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e49f30c654566bbbd84cd62f207e5ea79a31b93f1623d185a310eff020acd2b5
Instruction ID: 232e551178aacb48f6c260b7b77ddb20684ed117fdfb7c79c7fad6cb50087759
Opcode Fuzzy Hash: e49f30c654566bbbd84cd62f207e5ea79a31b93f1623d185a310eff020acd2b5
Instruction Fuzzy Hash: 57C13DB4A00225DFDB14EF68D484AADB7F6FF89309F148468D802AB354DB75EC46DB90

Function 0792B900 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c5dffe76e33520ff8216229a0516d24ec763f9be7e49b67369538d08a60aa97
Instruction ID: 68462ba4a67f85f8c36d08c3e92a5db89f30d3c8e3cec51b0d9966e5963ea3a4
Opcode Fuzzy Hash: 9c5dffe76e33520ff8216229a0516d24ec763f9be7e49b67369538d08a60aa97
Instruction Fuzzy Hash: 60C160B5A00629CFDB24DF68C840B99B7F1BF89318F248199D819AB364E731AD46CF50

Function 07929C78 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d060f4ff550435131565372f61cf3909e86e5f6cf15db24a2bf52620649dc88
Instruction ID: 687f69a5257a5b0a4feee2df7dc4d7a03aadadd632b678ffe8e28ef6c9da9684
Opcode Fuzzy Hash: 8d060f4ff550435131565372f61cf3909e86e5f6cf15db24a2bf52620649dc88
Instruction Fuzzy Hash: 24B1C0B07002128FDB14AB25C5587BEBBE2FF85318F148469E506E77A4CB34AC4ADB91

Function 07F383B8 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d80c30588e9a68ec960943e0ecb96092d5a1dd641fdaf50c65ff38e1da97d929
Instruction ID: cf444472cfb160b55589daf7867f46ede9e7bcd61d1df76a4be6d0176e17eed8
Opcode Fuzzy Hash: d80c30588e9a68ec960943e0ecb96092d5a1dd641fdaf50c65ff38e1da97d929
Instruction Fuzzy Hash: B3B18F71A00219CFDF259F65C948B9EBBB2FF48300F5644D8E9496B250CB35AE95CF90

Function 07926788 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2fd03e2e6a921e467829c54895c7afcda1e8cbeaee9741dc76fc031c4277f45
Instruction ID: 034d1a8f75bf863578ab0d68ae1a5eb47a53f203574a496637ce2492bbbcce2a
Opcode Fuzzy Hash: c2fd03e2e6a921e467829c54895c7afcda1e8cbeaee9741dc76fc031c4277f45
Instruction Fuzzy Hash: 19B129B5A00269CFDB20DFA9C480AADBBF5BF48304F248169E854E7B56D734E941DF50

Function 07F307B1 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ace51ab7c80a6cc42391ee2c557fe30b8b317f816777e7f367b6fafb0b1cacac
Instruction ID: 721aa4d82089cd1d437e25fad1f6415f21ae1250cfb1ec4c9f495e0d87b30abb
Opcode Fuzzy Hash: ace51ab7c80a6cc42391ee2c557fe30b8b317f816777e7f367b6fafb0b1cacac
Instruction Fuzzy Hash: 7AB10BB4A00219CFDB24DF24C998BA9B7B2FF84304F1581E9D51AAB391DB31AD85CF51

Function 0792D72F Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb2872e105397e600d2bc5380e952cceb2e8cdd12c9b029cb275fa8b463b8cb9
Instruction ID: a735394855cf2a592eb238b17e385f7eb14a6a176f8cd60399c85dfeb53c964f
Opcode Fuzzy Hash: eb2872e105397e600d2bc5380e952cceb2e8cdd12c9b029cb275fa8b463b8cb9
Instruction Fuzzy Hash: A771E4B4B002128FDB14EF68C4587AEB7F6AF88304F148569E502DB399CB74E846CB90

Function 079247DF Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b70ff77a59424a89789415074500be307c47f4a5c518cdb41b4e714bdc1a5ff5
Instruction ID: 33d9c431a4ce7d7b75e3e90b425e2cd0e13f999d8159f5df314004e7c423c338
Opcode Fuzzy Hash: b70ff77a59424a89789415074500be307c47f4a5c518cdb41b4e714bdc1a5ff5
Instruction Fuzzy Hash: DF91FBB4A00229CFDF64DF64C948B9DB7B2FF88304F248599D509A7265CB319D86DF40

Function 07921A90 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beda91e472e1e15ce8adbc959482e32cacb44d23439176395078b9bc9ea141db
Instruction ID: a39c8ea3c5be25ca836bae111b786c09e062fd318f1eb9d5722c78ddb9c9fb4e
Opcode Fuzzy Hash: beda91e472e1e15ce8adbc959482e32cacb44d23439176395078b9bc9ea141db
Instruction Fuzzy Hash: 77617C747001018FDB58EF70C998A7EBBB7EFC9214B248469E9068B7A9DE35DC06CB51

Function 0792686E Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b367b9087528cc6020864bb202f09199a6344794154de1d6f2c459a516844f82
Instruction ID: d8e0efc2eba2f7ee8df63dbcca9f64ef7acad5db9513aebfb6764ba1e171af40
Opcode Fuzzy Hash: b367b9087528cc6020864bb202f09199a6344794154de1d6f2c459a516844f82
Instruction Fuzzy Hash: FC714CB5A0026ACFDB20DFA9C440AADB7F9FF09304F2481AAE854E7A55D734E941DF50

Function 07924866 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d124e48b58df54573da02004d13f0b02a7e045a2bd3c90c0b152aabaf1ca22c
Instruction ID: 92b688e986b6680edd67ac396d5d7c3d09df45447508dc83e6cd95e9a7e1d98d
Opcode Fuzzy Hash: 9d124e48b58df54573da02004d13f0b02a7e045a2bd3c90c0b152aabaf1ca22c
Instruction Fuzzy Hash: B2812DB4A00229CFDB64DF64C988BDDB7B6FF88304F2481A9D509A7265CB319D86DF40

Function 07929370 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 196536159734a06e68238213180d312268fd3a74f3df91d7a66e229893fa906f
Instruction ID: fae3dcb8397885e055a18c4aebc988096d3277b9b8216358d0eb3d7e07b4040d
Opcode Fuzzy Hash: 196536159734a06e68238213180d312268fd3a74f3df91d7a66e229893fa906f
Instruction Fuzzy Hash: E1517CB0A042158FDB25EF74C59869ABBF2FB89314F10496DD406E7794DB31EC46CBA0

Function 07921D70 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6e43c105defa15642403f1e70e7950e1ec7c1b8a2f6622803373a5857000b8a
Instruction ID: dcfbac0444abbd8acaf93ef417b812fcbbe3b295b6c473bb1963d4ab8045d28f
Opcode Fuzzy Hash: f6e43c105defa15642403f1e70e7950e1ec7c1b8a2f6622803373a5857000b8a
Instruction Fuzzy Hash: D051EA78A001259FC718DF24C994AA9B7F6FF88314F15C095D809AB365EF31AE85DF41

Function 04DE1249 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 015e8ede1d73e2947f247751844ee9d83d2c1246b311d7cafdf2fee119a5c194
Instruction ID: b8586d1c967a702f4397ac46ac9175b87c61869a4644d0ca1ab7b68b49f43b45
Opcode Fuzzy Hash: 015e8ede1d73e2947f247751844ee9d83d2c1246b311d7cafdf2fee119a5c194
Instruction Fuzzy Hash: 6D51F738B002048FCB54EB74C559BAD73E2AF8D315F2540A8E906AB7A5CF36AD45CB91

Function 07F37600 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 103ba11e0bfc155c5299538aae1280dc0419439e3eb6b0c78d0d8e5b799ed566
Instruction ID: 19f1ed6d4c4f4e5f4aa1af4c43147ad67c414c9006733373ca7f284010f1aaac
Opcode Fuzzy Hash: 103ba11e0bfc155c5299538aae1280dc0419439e3eb6b0c78d0d8e5b799ed566
Instruction Fuzzy Hash: E0515DB4B107018FD725EA38C59476AB3EBBFC8209F29486DC45A97394DF35AC41CB60

Function 04DED7D0 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f8676c9b2c078f22771194b06935db3913dcc77c6f85b26e4a7b48660d32664
Instruction ID: 76f83e938c63ca60af1d8d06c9d94426a0040e2926d91494cf73484a473c1863
Opcode Fuzzy Hash: 6f8676c9b2c078f22771194b06935db3913dcc77c6f85b26e4a7b48660d32664
Instruction Fuzzy Hash: A0413F756093828FC316BB7558582B5BBE3AFC2210B5986BBD045CF393DE355C4AC352

Function 079204A7 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ba621cc585598ea087276acf3522c4ab795107c499a47747ee7045db77e78af
Instruction ID: 9baa41bde37a64e42055af3bc9b3c28884a4787b326569a94ecf7012416b8999
Opcode Fuzzy Hash: 5ba621cc585598ea087276acf3522c4ab795107c499a47747ee7045db77e78af
Instruction Fuzzy Hash: 4C611A74A0122ACFEB64DF28D958F99B7B2BF48304F1181AAD40DA7365DB309D85CF50

Function 07929AD0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c3a0e47e08ee518abaeb5d380c98ed909166843639992e792a3d20e2e98105c
Instruction ID: 9b75df81372092612416ebf7d510548732d5db60840d43ec65ff493d8c14cdce
Opcode Fuzzy Hash: 2c3a0e47e08ee518abaeb5d380c98ed909166843639992e792a3d20e2e98105c
Instruction Fuzzy Hash: D94112703043518FE729AB35C85476A3BABEF85218F04803DE506CBB95DB35EC46D7A2

Function 04DE1700 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c250fc1e68513c07b56b19b95f77f4ec99a1ea81ce09bce64b2d1e67a6b752c2
Instruction ID: 192e893c3152b9d1cb975876c47049af90c834f846183c1c3fcccbe774f62562
Opcode Fuzzy Hash: c250fc1e68513c07b56b19b95f77f4ec99a1ea81ce09bce64b2d1e67a6b752c2
Instruction Fuzzy Hash: 6251D574B00704CFC724DF69C498AAAB7F2BF89305B1449ADE4169BB61DB35AC49CB60

Function 07925C58 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbe7bfa4358593d82a2be7293f75548a68937f54c6852f691c38ea97cc97f491
Instruction ID: 109e20475a274bbd37d987520776ee9f28aec9904aee8559e5e8dfc4978964ff
Opcode Fuzzy Hash: fbe7bfa4358593d82a2be7293f75548a68937f54c6852f691c38ea97cc97f491
Instruction Fuzzy Hash: 1B5103B0A041368FCB14EB18D0886BEBBB6FF45208F1684A6D461CB258D770DDA6DB91

Function 0792CF10 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5018ddbe96d8641fb56c89fdd121a5d08bc7c39090d2afc6e67d7901a31068d3
Instruction ID: cd164cb4881de43edc51bcbe9a1d19906e594fddc42a57394790454f9832213a
Opcode Fuzzy Hash: 5018ddbe96d8641fb56c89fdd121a5d08bc7c39090d2afc6e67d7901a31068d3
Instruction Fuzzy Hash: 8741E4B0700226CBCB24EF78C5596AE77E5AF89649F104429D806DB358DBB18C47DBE1

Function 07927740 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a40df320987a8afc76995159bb0f5a13212529878b9c9395e56640376622ed07
Instruction ID: 4d65d91a3b8dd7293b92bcb4fe1e55046ed04d2f281a2c36d8ed3318f85bac89
Opcode Fuzzy Hash: a40df320987a8afc76995159bb0f5a13212529878b9c9395e56640376622ed07
Instruction Fuzzy Hash: 4441D5747042218FD714EFA8C858AAA7BF6FF89315B108569EA07C7394CB71DC46CBA1

Function 07922703 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6889ca4907bc8a16e02f4460f68e0cbee84e22b97401f4c57851b2e1f4d9b673
Instruction ID: a60b8c84669011566c7bfa727fd9af39d16b27f34097477e28ee54c3a4839c67
Opcode Fuzzy Hash: 6889ca4907bc8a16e02f4460f68e0cbee84e22b97401f4c57851b2e1f4d9b673
Instruction Fuzzy Hash: 4B518674A00129DFDB24DF24C988AA9B7F2FF48315F1580E5D809AB365DB31AE85DF00

Function 07922613 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32568712bf812ebf328ffb2550327985db8f24fb678bd0f5f2b5a21a988b17b4
Instruction ID: e82b4dde60042c7e01f4ac9f388edf2031cb2e41b252aac5e4756c44cc701d97
Opcode Fuzzy Hash: 32568712bf812ebf328ffb2550327985db8f24fb678bd0f5f2b5a21a988b17b4
Instruction Fuzzy Hash: D6518574A00126DFDB24DF24C988AA9B7F2FF48315F1580E5D849AB365DB31AE85DF00

Function 079225B6 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54b10440ae84ef07e4b2e35caf79b54f636bff8243863d75b322867df1cc1d78
Instruction ID: ab3c284157ccf74996415c41a6a06324ace8e79220517d2395973e1304f7b330
Opcode Fuzzy Hash: 54b10440ae84ef07e4b2e35caf79b54f636bff8243863d75b322867df1cc1d78
Instruction Fuzzy Hash: 0F518474A00125DFDB24DF24C988AA9B7F2FF48315F1580E5D849AB365DB31AE85DF00

Function 07F33568 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 787323fe3bc6dd01e2b0608760d9519ca0aab64e35e03253117c6e0fc8650fb3
Instruction ID: 69c9293e18b3a89042b4606154e74773c4f0ea0301513d7d0f752dcc73d875c6
Opcode Fuzzy Hash: 787323fe3bc6dd01e2b0608760d9519ca0aab64e35e03253117c6e0fc8650fb3
Instruction Fuzzy Hash: EA417671E012188FCF44EFB8D9885AEBBF2AF88208B25446DC005AB355DF399D16CB91

Function 07F33571 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f32e13fb7c9fea6024c7633b4313465e98c9fb51919c005989e6ca974ad789ae
Instruction ID: d7391d424fbfe2f6aeac56b00c2b29df82e9d07fe1fbf2cff2bcf761d2db04c0
Opcode Fuzzy Hash: f32e13fb7c9fea6024c7633b4313465e98c9fb51919c005989e6ca974ad789ae
Instruction Fuzzy Hash: 34416871E012188FCB45EFB8D9885AEBBF2AF88208B25446DC405EB355DF399D16CB91

Function 07F33578 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a7d605b2f39276ab45348f9cb5efd239295866c5b60810d5d76c628f19d3131
Instruction ID: 265260389f1aade85ee3da9680a543813151084a1db067af655eccf6dd7b9783
Opcode Fuzzy Hash: 4a7d605b2f39276ab45348f9cb5efd239295866c5b60810d5d76c628f19d3131
Instruction Fuzzy Hash: 48416771E012188FCB44EFB8D9885AEB7F2AF88208B65446DC005AB355DF399D16CB95

Function 0792D673 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8416d3443f15d67ecbcd5aa068ca7f6dcaa9118a338e74fe235f3fe34ada72dc
Instruction ID: 31b58ba7104cd23f1f7f68822a5565adbf14c13fb8c2fe68f2a9d69aaff26fdb
Opcode Fuzzy Hash: 8416d3443f15d67ecbcd5aa068ca7f6dcaa9118a338e74fe235f3fe34ada72dc
Instruction Fuzzy Hash: E8315C72B086659FCB11EB78E850AEEBFF9DF8A318F04455AD445E7285C770AC41CBA0

Function 079270D0 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b68ace0d3222700c6f8d2712983c847a13b7c4e60d5afe4c4b6a841561e81097
Instruction ID: 0919ec54a3e8af16dc6c2872cc87f00f50b07511cbdd359d31712e924a2310cb
Opcode Fuzzy Hash: b68ace0d3222700c6f8d2712983c847a13b7c4e60d5afe4c4b6a841561e81097
Instruction Fuzzy Hash: 9731E671B042299FDB15DBA9E8186DEBBF5EF49214F00803BD515E7381EB31980ACBA1

Function 0792ED92 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db6a8dfce4705abe073a29eae296ec6daf68dbe41330dd0f6753f1639c0181ca
Instruction ID: c60e7455bf661a63f2a43f54c2efcf4c57eb7d2c1d67f4c1e96befb20d0fbf05
Opcode Fuzzy Hash: db6a8dfce4705abe073a29eae296ec6daf68dbe41330dd0f6753f1639c0181ca
Instruction Fuzzy Hash: F741C774A002298FDF20DF64C988B9DB7B5FF08318F14809AE919AB255C7359996DF50

Function 0792B7E0 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 545346c192919df8cd46be20300d9795b4a4f2e6a0cd2ff2dd23a943403c8420
Instruction ID: 4b38677fa47a944aaf202c31d0cb4e7ab9970a1207ec2d500024f0bdcb1c18dc
Opcode Fuzzy Hash: 545346c192919df8cd46be20300d9795b4a4f2e6a0cd2ff2dd23a943403c8420
Instruction Fuzzy Hash: DD31A1F4705211CBC7257A348418365B3E6EFC5219F29887DC80A8B399EF72D887D761

Function 07F33440 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af8110e4bee2e6f36481fb2b3a808d76e02010a3e63a9bf445e3387bec7ae278
Instruction ID: 1de19b4282a125534a158fe24c89e1e5231b26f720d5d5ef0d6890a033813bc1
Opcode Fuzzy Hash: af8110e4bee2e6f36481fb2b3a808d76e02010a3e63a9bf445e3387bec7ae278
Instruction Fuzzy Hash: 0031AF71700201DFDB18EB34C855BAEB7B2EF89709F20402DD81A9B395DB76AC52CB91

Function 07F375C7 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f25be9bbfbf1412ce8f6230b5feddae299f2d07a28e79f3971419741fb3fad7d
Instruction ID: ed72603426c8ec10af84d8a05ab90032f15d9eca5785a6122f29b76159617aa6
Opcode Fuzzy Hash: f25be9bbfbf1412ce8f6230b5feddae299f2d07a28e79f3971419741fb3fad7d
Instruction Fuzzy Hash: 6221D8B4B083809FD315D738C491B6B7BE6AF46314F19446ED05ACB292CB75AC05C760

Function 07F33450 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dcd94da15c8e570ce3c08a5f7684650d7c0178f936b60d49b5af0c311843a5e
Instruction ID: 01042a9333007b9af058f75fd62427e9a06f4991374572f2f30deb7d60ce7ba0
Opcode Fuzzy Hash: 1dcd94da15c8e570ce3c08a5f7684650d7c0178f936b60d49b5af0c311843a5e
Instruction Fuzzy Hash: 1931AB307002069FDB18EB34C845B6EB7B2EF89309F204029D81A9B394DF76AC42CB91

Function 04DEF0E8 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79d8ac39fff15e3eb6d2a400eed5c1d8d5c266e4c32223378668abcfa4a97f03
Instruction ID: 6ebf66d33d1fb6eb2eb391f9ec627169c7acf4f01fd1ea2c5216132432e24986
Opcode Fuzzy Hash: 79d8ac39fff15e3eb6d2a400eed5c1d8d5c266e4c32223378668abcfa4a97f03
Instruction Fuzzy Hash: 4431F435310609DB9728BB36D99063A73E7BBC4244724891DD902CB788EB3AFC469781

Function 0792D9B0 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ca2873f346b1bfac59bef2a1dde5a335322bac44d402ea724994505288c4f23
Instruction ID: cf6ae38639d06d07637bd664607ed9018b69f6bef906e9f6fb0692312ef1d26b
Opcode Fuzzy Hash: 3ca2873f346b1bfac59bef2a1dde5a335322bac44d402ea724994505288c4f23
Instruction Fuzzy Hash: F6314CB0E00219DFDB58EFA5C494AAEBBF2AF88314F148429D406B7394DB705C42DB91

Function 04DE1560 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2318fa5d2b9dd7a6e8b7de9d6448e8ade1c82db84fd5e196571a0c94f4809acf
Instruction ID: 34da4bd8e4839b08d362b9e7c87ae8c447f9b7dd70c5452304456ee5c522789b
Opcode Fuzzy Hash: 2318fa5d2b9dd7a6e8b7de9d6448e8ade1c82db84fd5e196571a0c94f4809acf
Instruction Fuzzy Hash: 9D217F303007004FE318F774EA66A6A72E7AFC5614B65C82DE446DB795CF39EC0987A1

Function 07F38D70 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ecab857d9c15a77af40d78efa7771befe5cd9f97bc8fb845e79a94948027c88
Instruction ID: bf045787c9d5be06b024046d95902520cd1d6547e844965083d0b7b1df1ccf6d
Opcode Fuzzy Hash: 4ecab857d9c15a77af40d78efa7771befe5cd9f97bc8fb845e79a94948027c88
Instruction Fuzzy Hash: FC21FE347006108FC759AB39C8586AFB3E7EFCA355B254479D40ACB764CF32AC068B95

Function 0792D9A7 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb5ff1ee93b590dac9c956bbbeb3ef3f146b4b7801fae225ffee1ceb862d102b
Instruction ID: 033368ec436ec3aae833ab4d638ab8fd581ba667faa1cae26b670e2497ca9e0d
Opcode Fuzzy Hash: bb5ff1ee93b590dac9c956bbbeb3ef3f146b4b7801fae225ffee1ceb862d102b
Instruction Fuzzy Hash: 30316FB0E00218DFCB58EFA5C454AEEBBF2AF88314F14812AD405B7354DB705C82DBA1

Function 0792B6CB Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72931907f352019d984de6b0615a6fadd4c6d2a98c0c25ca6a1cca269e36105b
Instruction ID: e12bf3fd16e19340ccc9f3a2cc38eabc5e17277abd12bd2e3d373e3caf0f735e
Opcode Fuzzy Hash: 72931907f352019d984de6b0615a6fadd4c6d2a98c0c25ca6a1cca269e36105b
Instruction Fuzzy Hash: 14214C7120A3108BC32AAB3885542AA77A3AFC2359F194D7ED4565B7D2CF36F842CB40

Function 07921628 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba13dc62d52075fca5a3c3df75f5c9aa9c681b58be45893ea0d797fb768d96c9
Instruction ID: 4b28bd0ddb6e0c9653a8fd98781e4ac168934d0f54cf5cedc673ca15002c4b01
Opcode Fuzzy Hash: ba13dc62d52075fca5a3c3df75f5c9aa9c681b58be45893ea0d797fb768d96c9
Instruction Fuzzy Hash: 53214872F005188F8B60EFB9E8415DEF7F5EBC8228F14817AC519E3204EB355E568BA5

Function 07925EC0 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b584de49d359c1d44b998fb0bb9f4bd60891b441118a0fe55802ee3588728e63
Instruction ID: 20033f2567869e3eb30fe4ad2a59becd8d50e05f09ccc62e3930d0074d10f65b
Opcode Fuzzy Hash: b584de49d359c1d44b998fb0bb9f4bd60891b441118a0fe55802ee3588728e63
Instruction Fuzzy Hash: 6D21AE71A002199BDB04EB69D885BEEB7F6BF88224F114039E406E7754DB34AC069B91

Function 04DEF878 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd7953da9d5c24f08d87e4d9c35f000b0bd5e3c05f4eb327096ba4d080a59ac2
Instruction ID: 06ade94d29265403bb892f146acfd981265f5a706acbb79ed2e77ff6072fb76c
Opcode Fuzzy Hash: fd7953da9d5c24f08d87e4d9c35f000b0bd5e3c05f4eb327096ba4d080a59ac2
Instruction Fuzzy Hash: 1F310A34A00208DFDB14EFB9E888BADB7B1FB48304F11845AD951AB3A5C774E845CF61

Function 0792B6D9 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ab9dfd02ccb5cd47e22e35dd0be7d97eba72a326917abb986ae1e3b1339a8f2
Instruction ID: 3bfa3c1696c0d9529f6c8a6184c62f2ef023ed4f3d314f7d157d3394ae4e587d
Opcode Fuzzy Hash: 9ab9dfd02ccb5cd47e22e35dd0be7d97eba72a326917abb986ae1e3b1339a8f2
Instruction Fuzzy Hash: D921383530A3108BC329AB3885546AA77A3AFC135AF254D7DD45A5B792CF36F882CB40

Function 04DE1570 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c208e76ac89b6e4c5bfabdba19a9077476b12a015e2bdb72b62943daa7e5ea43
Instruction ID: e8b9ddf2c6e5c22d86f13106ef241768a7d1f8d699587ac069b59b4aae82f7af
Opcode Fuzzy Hash: c208e76ac89b6e4c5bfabdba19a9077476b12a015e2bdb72b62943daa7e5ea43
Instruction Fuzzy Hash: ED217F303006004BE218F735EAA6A6F72DB9FC4615B65C82CA4479B794DF39FD0987A1

Function 04DED48B Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fc2ef30e549225d2f139faad6e688a6ea01201576358751282bb85ebf048795
Instruction ID: 58f3d2378c72c2fbc9f9e46ad0734039abf4f95b662c6040423bcd3602bc6e35
Opcode Fuzzy Hash: 2fc2ef30e549225d2f139faad6e688a6ea01201576358751282bb85ebf048795
Instruction Fuzzy Hash: 582104302043018FC315AB69D95896ABBF7EFC6224715856EE05AC77A5CF74FC0AC7A1

Function 07921A80 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d9e72930c20fde4c8d4c7586fe9042be6207c0aca97f1250cae5056fd6ec35f
Instruction ID: c328351d57a70db268b046c6a531a9880c51df8d2be370941144d3f6f05e8d38
Opcode Fuzzy Hash: 5d9e72930c20fde4c8d4c7586fe9042be6207c0aca97f1250cae5056fd6ec35f
Instruction Fuzzy Hash: 9D214C747002158FDB08EF70D9A496ABFB6EF89215B1480A9E905CF3AADB31EC15CB51

Function 0792B6E0 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6a523768e5decfda419fdd4da66d3699738573c8f6b72a44d822e2e7307ecef
Instruction ID: 4432ce17843288bd8eac10df23b4ce91eb7f86502d602916064ed9d0994dd69c
Opcode Fuzzy Hash: b6a523768e5decfda419fdd4da66d3699738573c8f6b72a44d822e2e7307ecef
Instruction Fuzzy Hash: 0321273520A310CBC329AB3985542AA77A7AFC135AF254D3DD45A5B792CF36F882CB40

Function 0792CE30 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2750887e0e082e8e3c9321f5ed9033ea5eeccb9f7b5f13c31bcb3d2d6c47f390
Instruction ID: d3ae10388a56ccbbfb1b79fc17ea1c40c132b539510876f6b041419d32f0d471
Opcode Fuzzy Hash: 2750887e0e082e8e3c9321f5ed9033ea5eeccb9f7b5f13c31bcb3d2d6c47f390
Instruction Fuzzy Hash: 3021C371B002258BCB15EBB8C9567AEB7A6EF89344F20043DD506D7380EF759D0587E1

Function 0792B7DF Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9789273769db1c180b3f190c4b5ebc687019ffcbc4db316ef3b6d4ec8825d4b6
Instruction ID: d10cea88f7e61b820575e242ab17d6ac020a74e029855b3b627c939dd1c930e2
Opcode Fuzzy Hash: 9789273769db1c180b3f190c4b5ebc687019ffcbc4db316ef3b6d4ec8825d4b6
Instruction Fuzzy Hash: 552183F4605221CBCB257A348454765B3E6EF8521DF19847EC80A4B399EF71D843D750

Function 0792CE3F Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3722c7e4ede1af57bbf1500d75a9c2c4110b285485458433bc0f5b545e2c6cd1
Instruction ID: fc2b33094cfba59424ced819d9453c333e92191ab1b9efcb75551391fb7e74fa
Opcode Fuzzy Hash: 3722c7e4ede1af57bbf1500d75a9c2c4110b285485458433bc0f5b545e2c6cd1
Instruction Fuzzy Hash: 7E21C371B002158BCB15EBB88956AAEB7AAEF88244F200039D506D7380EF359D0587E1

Function 04DEA087 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 710af43fc61918262557871fd47dc2b9901faba4167c2ff8273d50d9b58a0d89
Instruction ID: 078f835a95c7509109853ca7ab74d314f0dbc81fe1f5b10216e3b0181157987c
Opcode Fuzzy Hash: 710af43fc61918262557871fd47dc2b9901faba4167c2ff8273d50d9b58a0d89
Instruction Fuzzy Hash: E92162316052908FDB19DF3588942D93762BFC6318F1985BDD80A9F357CE76AC0ACBA0

Function 07F33350 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae8ce7e3545e72a011841035d8902d8d38d1220870ce8c1b56ee24f1ead6278d
Instruction ID: 67fd0b90664e6a9860fa5fb2986da62453834021e01dd8229b8a6402304225c6
Opcode Fuzzy Hash: ae8ce7e3545e72a011841035d8902d8d38d1220870ce8c1b56ee24f1ead6278d
Instruction Fuzzy Hash: 82210A34A002188FCB04EB78D9459EE77F6BF89305B2440B9D809EB365DB36AD01CB91

Function 07F3334F Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fccf6e13b8b429b2a40a7ce5c32803586301ceba054d236eb3a7e7bd5b9d0f66
Instruction ID: fcc8577ab39c447cd9bd988e9dc7bf948ad8d4318cd0bebf172a8dedfc8a3c26
Opcode Fuzzy Hash: fccf6e13b8b429b2a40a7ce5c32803586301ceba054d236eb3a7e7bd5b9d0f66
Instruction Fuzzy Hash: 6B210A34A002148FCB04EB78D9559EE77F2BF89305B2440B9D809EB365DB36AD01CB91

Function 07F33260 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65668ac6c3a55ca65cd25cf8f0e574ffc19081025dae423f61d6f495b2fbcdd2
Instruction ID: c0d9d01a9fce2948e52cb5a5fb8efa18f0749e5ae8f4215be6c19826fdd1e5ca
Opcode Fuzzy Hash: 65668ac6c3a55ca65cd25cf8f0e574ffc19081025dae423f61d6f495b2fbcdd2
Instruction Fuzzy Hash: 5911C4367402208BD365AA3C941075AB2DA9BCC358F2944BDC806EB784DFB99C038B95

Function 0792CE40 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24a295d731e49b197d6da136dbe6492d8e2834b8cd142e437978d6921ffb6045
Instruction ID: 656136f816516bbabd7c02abcaec338d253de1f423d5bac43bbc7d3ae393a935
Opcode Fuzzy Hash: 24a295d731e49b197d6da136dbe6492d8e2834b8cd142e437978d6921ffb6045
Instruction Fuzzy Hash: 6221A571B002158BCB15EBB8C9566AEB7BAEF88654F20043DD506D7380EF759D0587E1

Function 0792CF1F Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 003a153980fb08b99f4e08a88b72bf75924747265430bc389dbaad512a03f950
Instruction ID: 43a9955d41440d3b1ed5d463c5984f1d8ba4c09083a9be863a9a32323d5ec168
Opcode Fuzzy Hash: 003a153980fb08b99f4e08a88b72bf75924747265430bc389dbaad512a03f950
Instruction Fuzzy Hash: BD21C3B1B10226CBCB24EB78C8596AEB7F9AF85205F00443AD906D7354DBB18D46D7E1

Function 07927730 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c75db707e015656dd00637cde5fcc265cb1f2674a70e3e9e9d263486f578b11
Instruction ID: 21e0857be03f7ae3178750900a92d77ef4271cfe1e5a0a6af2fc5bd71ede3d11
Opcode Fuzzy Hash: 1c75db707e015656dd00637cde5fcc265cb1f2674a70e3e9e9d263486f578b11
Instruction Fuzzy Hash: A821E475304221CFD715BF68C448A6A3BEAEF85715F10406EEA06CB365CB71DC46DB91

Function 079250A0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d503eba6eca8bca825391690f5a748307da1f8034571187cf0de1ae84a0a0bce
Instruction ID: bba6196a2f05b319c71e2138aba2c81e0be61cd1f612de6393885e7a57a13069
Opcode Fuzzy Hash: d503eba6eca8bca825391690f5a748307da1f8034571187cf0de1ae84a0a0bce
Instruction Fuzzy Hash: C02175743002209FC725DB34D45896AB7E6FF8A22572645AED506CB756CF31EC06CB91

Function 07F375F8 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a59d11a3102dc2411388155a02d5cb8a7599521a7e7d58f91b0111255a4f177a
Instruction ID: d763fa433679dceb093192d37d3f7f70a0decd70ad5e34cda3b477bb644bce43
Opcode Fuzzy Hash: a59d11a3102dc2411388155a02d5cb8a7599521a7e7d58f91b0111255a4f177a
Instruction Fuzzy Hash: 6321A1B4B003419FD725E738C595BAB77EABF85308F24846DE42AD7285CB35AC00CB60

Function 07F33270 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b75435e694da4708d9a1b72ed52fb4ca53ac9999e8055cc6ed359a3ae085f86
Instruction ID: 4b5e9046cd51bc8d812140c9da8778eab079a782d47c2ff45b1f3c58ba59c7ab
Opcode Fuzzy Hash: 2b75435e694da4708d9a1b72ed52fb4ca53ac9999e8055cc6ed359a3ae085f86
Instruction Fuzzy Hash: F311A7367402204BD3646A3C941075AB2DF9BCC368F2954BDD905E7384DFB9AC0347D9

Function 07927400 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bd366551cb7920f2073eb70fc2285cef54648a315048f4dfd363ea25d69e5a8
Instruction ID: 37e69801f0b44a18ebe2c9bce710ac355443c59baae933ee150be541f699fd1d
Opcode Fuzzy Hash: 4bd366551cb7920f2073eb70fc2285cef54648a315048f4dfd363ea25d69e5a8
Instruction Fuzzy Hash: A511C1703082155FDB149E2DDC41BAA3BDAEF86224F14413AFA06CB3E5DA71DC0687A1

Function 0792DCA0 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e02a26d8f13e9b454fc4f2c8bad88892dcc5c6d834c7b31f8f6383f6de7084b
Instruction ID: 7b49c340924dd86330cefb2d54275d314fd568d650732568c63f358a42df4bd4
Opcode Fuzzy Hash: 8e02a26d8f13e9b454fc4f2c8bad88892dcc5c6d834c7b31f8f6383f6de7084b
Instruction Fuzzy Hash: 7421B771B00625CBDB25AB64C4457AE7BB5AF89758F24042DC401BB788CFB59C47DBD0

Function 04DEA098 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cb1a8b2e5715db46a743edcae4bad539102b71c61d1cc230b70363c06402efa
Instruction ID: 7b4d02bb62b5a3cae0cb95b61e24555edefbfc771f293ff59688cc4b45d6fc23
Opcode Fuzzy Hash: 1cb1a8b2e5715db46a743edcae4bad539102b71c61d1cc230b70363c06402efa
Instruction Fuzzy Hash: 631160316002508BDB28DF39889429D3352BFC6314F1984BCDD0A9F356CE76AC09C7A0

Function 0792DC90 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79bf198c0d2efbb9d3c40aafb0f18baf536dda6780ce05149b33478548870697
Instruction ID: 77b6da3a249d2c1ad531e48afdae19477c368ae671685c4eea91a556a246700a
Opcode Fuzzy Hash: 79bf198c0d2efbb9d3c40aafb0f18baf536dda6780ce05149b33478548870697
Instruction Fuzzy Hash: 4611D371B002258BCB25AF34C8457EE7BB5AB89329F24042EC001BB688CBB59847DBD0

Function 04DEF7A8 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab7457d91c56b163d8ecf1b6d970b1b021dbfe954c4a1a586dbd8375110edca5
Instruction ID: 5f6c5efdfc22c3c668f1a1b653467be115ad379c392e08e47e8ab8009a7fdc9c
Opcode Fuzzy Hash: ab7457d91c56b163d8ecf1b6d970b1b021dbfe954c4a1a586dbd8375110edca5
Instruction Fuzzy Hash: 90213A30E08388AFDB20AF66D8087AEBFF59F45314F04046ED085A7791D770694D8BC1

Function 04DED300 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e8232a1b540d87e2e9dc834ca5e24e9d4eb00cb85d0f9485b8957ec0d541ef1
Instruction ID: f7453c9fae433c4599c107e5cdd0f407cbad7a4578cd5e263e05bf7f3fbda6b5
Opcode Fuzzy Hash: 6e8232a1b540d87e2e9dc834ca5e24e9d4eb00cb85d0f9485b8957ec0d541ef1
Instruction Fuzzy Hash: A511C030A09245CFDB10AF35DA4D3AA7BF2E751304F11006AD105D7681DB382D19CBA1

Function 011304D8 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2417920975.0000000001130000.00000040.00000020.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1130000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc4095144846a2e3f78e3df8787d1a83ed13b6d728683d1042bfe90318e3590b
Instruction ID: 1ca7286a3583989bcff0dbfadc6b655ba7a069a51750ed175a103cc21df7de16
Opcode Fuzzy Hash: fc4095144846a2e3f78e3df8787d1a83ed13b6d728683d1042bfe90318e3590b
Instruction Fuzzy Hash: 3211A3724097C09FD7228F15DD44B62BFE8EB46650F0984AAE9858B653C339A944CB62

Function 01130C94 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2417920975.0000000001130000.00000040.00000020.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1130000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc73d1542b241f0bb38ea137e94073fe7e81cc4e3568ef0ea6351e730e25004e
Instruction ID: 527ff00a2b65d03f96bb536167f9c830ba9378707881437776dedf909d8200bb
Opcode Fuzzy Hash: bc73d1542b241f0bb38ea137e94073fe7e81cc4e3568ef0ea6351e730e25004e
Instruction Fuzzy Hash: 1411D2302042449FD319CB14C644B19BBD5ABCC718F24C59CE9491B65BC77BE807CA41

Function 07F31F61 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c3940d98b41664bab3fa1374c8ab5b1d4e74dd73ac8220e8f40fa9f1b1acfba
Instruction ID: ee039bff16f70793d5ab0f63d77da3ee17509e59362ec3edf6eb343e5eb9cd20
Opcode Fuzzy Hash: 6c3940d98b41664bab3fa1374c8ab5b1d4e74dd73ac8220e8f40fa9f1b1acfba
Instruction Fuzzy Hash: A201C4713051008FD3159B38C894B6977E6BFC6215F2840BAE945CF761CB71DC058741

Function 07921718 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f36d21d2ec24648992f6e5eea6ef796e0063121227bf86a15473e6b80df4bedb
Instruction ID: 5827cce8b880ac1845eb01b0795fc953dcd1f549b01d4d2e96f48f84523a12fb
Opcode Fuzzy Hash: f36d21d2ec24648992f6e5eea6ef796e0063121227bf86a15473e6b80df4bedb
Instruction Fuzzy Hash: 9211C470A002198BEB14AB7984157EEBBF59F88354F04842DD406E7380EF7848469BE5

Function 0792AE38 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44bdaaf5927dbd913cafe283c2aca94b46034b6b21b8f0d12a36410fa0b78a32
Instruction ID: 8b3942667fd79a31af9f8a8a0e8258295f2c6ca0139e24b3a126a847a232a7f0
Opcode Fuzzy Hash: 44bdaaf5927dbd913cafe283c2aca94b46034b6b21b8f0d12a36410fa0b78a32
Instruction Fuzzy Hash: EF117CB2E002199FDB14EFA4C4586DEBBB6EB88214F20842AD906B7344DB745946CBA0

Function 04DEFF7F Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9e377931fccd46b7b93a45ab511552faf921ee09d9f1a24ae9b8c90f6e9b86c
Instruction ID: 3e0450c72e891f017c2069ff5e7d1cfae08cebd9ba22a162452443c5875a19fb
Opcode Fuzzy Hash: d9e377931fccd46b7b93a45ab511552faf921ee09d9f1a24ae9b8c90f6e9b86c
Instruction Fuzzy Hash: 21F0BE31205040DFE704EF39D1D4AA9B3A1FF8531932249AAC6C587A09C730B88FCB51

Function 07F35417 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 103e0f0e98a80dfba2d442edbbd7bb370208daf517942953311e08e038779f28
Instruction ID: 9519758c6f34104a4d8221a992692b08c03a60d66964aacbec4ca425f85ed31e
Opcode Fuzzy Hash: 103e0f0e98a80dfba2d442edbbd7bb370208daf517942953311e08e038779f28
Instruction Fuzzy Hash: 16115E7190010EAFDF109FE5CD45EEE7B79FF88314F154059E514A3160D7359525CBA1

Function 079274A8 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edaddf477006ebd1bc48cb9598ad0c1af145a995c841fded9960f207a435efe6
Instruction ID: 1980d842b0268f61db9b0d64723b84b167c7a0ae8e0b9beb520e6a8d5d02a209
Opcode Fuzzy Hash: edaddf477006ebd1bc48cb9598ad0c1af145a995c841fded9960f207a435efe6
Instruction Fuzzy Hash: 2B11B67160021A9FDF14AFA4C814BEE7EB2EF88314F144029FA05E7350DB758D569B91

Function 01130C64 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2417920975.0000000001130000.00000040.00000020.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1130000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90880cb72edff3efb211d5632534f3efbe07a71c183c46f156c1a6e8b871b8c0
Instruction ID: 0f0e8e1e6b37916a18991374a1b37cb3c2d659cfd34f4d5b47674d473c652c5c
Opcode Fuzzy Hash: 90880cb72edff3efb211d5632534f3efbe07a71c183c46f156c1a6e8b871b8c0
Instruction Fuzzy Hash: 00218E3510D3C48FC717CB10C950B54BFF1AF8B614F1985DAE4849B6A7C77A9806DB52

Function 07924C4A Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbed60feb12b72da318899eed529ba816bb43d9f78cd1a688d75859d48fe32b4
Instruction ID: a224b0b3bf6786f73ee97e60b20620e0e8573a8a3a91d29a10af38a177ea28e9
Opcode Fuzzy Hash: dbed60feb12b72da318899eed529ba816bb43d9f78cd1a688d75859d48fe32b4
Instruction Fuzzy Hash: 2E0108F13097F78FD722FD5D94006B57B589B41969B09007AD941CF27AE221CC43ABD1

Function 07927498 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea661e6890e8f3576ed9fcfb08fa1f77f8d9f00d34374ff6efbac75b67607c07
Instruction ID: a014b89c35192e20cf4e535f62da2ac7538c699c3368303eef3f531cea2359a4
Opcode Fuzzy Hash: ea661e6890e8f3576ed9fcfb08fa1f77f8d9f00d34374ff6efbac75b67607c07
Instruction Fuzzy Hash: D2110471A0421A9FCF159FA8C804BEF7FB6EB48321F000039E900F3290DB7288569BD5

Function 04DE16F0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec9368d6f9e4b89d446d409dd9d79269c44c78efaee904b8ac2e5500ce42973c
Instruction ID: e7230b01d639fe7e8fd08ef6d3ae749d52c39a2030ff4c9090d7814800ba7088
Opcode Fuzzy Hash: ec9368d6f9e4b89d446d409dd9d79269c44c78efaee904b8ac2e5500ce42973c
Instruction Fuzzy Hash: 9801F570B002106FD714AA79D8459EA77FADFCA354B1400B9F405D7751DE30AD0987B1

Function 07F336C3 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 666a9eb9d26b52ae17e7786ace464afbe69f19e749e1a503608a576fd468a309
Instruction ID: cb2ea68e6516401bebc4e209276f11877bf66e3ca555471fcd8e0a85035c54d1
Opcode Fuzzy Hash: 666a9eb9d26b52ae17e7786ace464afbe69f19e749e1a503608a576fd468a309
Instruction Fuzzy Hash: 6711823160A3808FD716CB34D8946A67BB1AF86319F1940FED8498F293CB759C46C751

Function 07921728 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b7f74eeffee5efcc415ee1f7c42de2ea607ce23e1c73d1f96d926ba592a6cfc
Instruction ID: b4cf3f2742dc809445f980d3c8dce3082474367bfb191052a1a45735edc852ca
Opcode Fuzzy Hash: 9b7f74eeffee5efcc415ee1f7c42de2ea607ce23e1c73d1f96d926ba592a6cfc
Instruction Fuzzy Hash: 4311E570A002198BDB14ABBA84147EEBAFAAFC8314F04842DD406E7380DF784C059FA5

Function 01135421 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2417920975.0000000001134000.00000040.00000020.00020000.00000000.sdmp, Offset: 01134000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1134000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47bbcc3eeb9a9dc27423c8b3060fddca11394bf24e45031902de26466aa16d97
Instruction ID: a857e6db215e425a7e7d6b95ec9727610ceb9e687ba447c97b836cf2eccab672
Opcode Fuzzy Hash: 47bbcc3eeb9a9dc27423c8b3060fddca11394bf24e45031902de26466aa16d97
Instruction Fuzzy Hash: C10188B24093846FC701CB15DC45D56BFF8DF96624F09C4AFEC888B656D275A908C7A2

Function 0792EF90 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97571948a71e882d121e063193f438b72f6b965fdd7ed13d460af886b7c8819e
Instruction ID: 15e5a400432f57cf33464bb09949c2ee774297e7557c5fbb80f2696caa5d255a
Opcode Fuzzy Hash: 97571948a71e882d121e063193f438b72f6b965fdd7ed13d460af886b7c8819e
Instruction Fuzzy Hash: E2111BB5A00219AF8F41DFA8C8459AE7FF6FF88314B10806AFA04D7311E731D921DBA1

Function 0792D678 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4e3e27d245f48929f851622c0fa2b3ca158a378d4e58642fd9536ebfef9dbf4
Instruction ID: aca201770fdcded6e36cd9981e111f0f96a28a82d48d44b7a3a3f71c117bb6c5
Opcode Fuzzy Hash: a4e3e27d245f48929f851622c0fa2b3ca158a378d4e58642fd9536ebfef9dbf4
Instruction Fuzzy Hash: EB112E71A005199BCB14EFA9D490AEEBBF9EF4C214F108529E505F7244DB30AD45CBA0

Function 04DED678 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 672d2b069c7656c1b94b080483a27d047332cb4dddf5b9955f7dcb4640d1efad
Instruction ID: a012026d8fb61660ec1358b98380733785e636a9a98ae0af17fa4e047ab9a0bd
Opcode Fuzzy Hash: 672d2b069c7656c1b94b080483a27d047332cb4dddf5b9955f7dcb4640d1efad
Instruction Fuzzy Hash: 9001A7356183055FC705AB78A6466DD3BE59B85218F00486EE049DB686EE35AC0987E3

Function 011304FE Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2417920975.0000000001130000.00000040.00000020.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1130000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8392f133653ede05ba0203f01812441127424e3989491c0903a0134287139edb
Instruction ID: 657f07a7e905f2bd1b2722d50c3614206f4f9cc05831517b45130c193a9cccdc
Opcode Fuzzy Hash: 8392f133653ede05ba0203f01812441127424e3989491c0903a0134287139edb
Instruction Fuzzy Hash: C001D872504780DFD715CF19DA84761FBD4FB88624F08C46AED054BB86C379E544CAA2

Function 07F31F8F Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9be9ae6fa25e6da7f4ab2b05d998b7e20be07612f60d31c8109d3eba710c19b0
Instruction ID: 54a7d406ad113a8b8adc8a6963f1d0465058aae6a3109e3506a0ff410c94394c
Opcode Fuzzy Hash: 9be9ae6fa25e6da7f4ab2b05d998b7e20be07612f60d31c8109d3eba710c19b0
Instruction Fuzzy Hash: 4E018F753011108FC7149B39C898A6AB7EAFFC9214F28807AE905CF760CEB2DC058791

Function 0792DDAB Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7513530e839925fe859af0d91cfb949724947a8e9df597adc004b00387c6d9d5
Instruction ID: 07f5827c173d7cd83e65f4f01cb35c2278802d8354e93e7c8166669ad0b26c02
Opcode Fuzzy Hash: 7513530e839925fe859af0d91cfb949724947a8e9df597adc004b00387c6d9d5
Instruction Fuzzy Hash: 3301D471B009189BDB24AB65D9087EFBFF5DB89314F00446AD006E3641DBB11A068BE1

Function 04DEF240 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ede029198cbd730a44b4e9d84314a7624c2fbde1b3f0854dd607b648354064f
Instruction ID: 8289bf6e412151f7450ba390354fad756869fdcc48ba355f917e593bc8e91310
Opcode Fuzzy Hash: 7ede029198cbd730a44b4e9d84314a7624c2fbde1b3f0854dd607b648354064f
Instruction Fuzzy Hash: CC01F4763005025BE328EA6EEC497717A5BEBD8220F090039F149C3383DF25EC098361

Function 04DED710 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdad5f2caa250e8fa4d97dc0848ae746fb5c11051caa43391d747f3c37135da5
Instruction ID: 59b0bf76fedaf7cb4beb5d83b27fdc1bb2c477ec77f8f7bcaeb50c018d02b15c
Opcode Fuzzy Hash: fdad5f2caa250e8fa4d97dc0848ae746fb5c11051caa43391d747f3c37135da5
Instruction Fuzzy Hash: B401B5363003429BD324BB36DA4C7E677A7ABD0214B1AC929D04787755DF70F9498791

Function 07927040 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f02e6919d4aacd742878519ed8b45fb3a48c01189aeaaae81234c3440e5b609d
Instruction ID: e5e81fcfed366a9b96c0005d00079dedfeea83e09ac71cdefc410e1fcd68718f
Opcode Fuzzy Hash: f02e6919d4aacd742878519ed8b45fb3a48c01189aeaaae81234c3440e5b609d
Instruction Fuzzy Hash: 9801B1343001058BDA84AB68D55DBA9B3D7EFC5344F15C429D60ACF784DF71BC0A8BA5

Function 07F3A441 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 689979c0ab8b28621d59245a4c14eb3106799705cb26ef54c65c36e9b6c95472
Instruction ID: 9ffcdd1ea8c176bec35a365fa935b230ecea12653cb773db61da218358b2981f
Opcode Fuzzy Hash: 689979c0ab8b28621d59245a4c14eb3106799705cb26ef54c65c36e9b6c95472
Instruction Fuzzy Hash: 890126767051509FCB14FB38D00896E77A79FEA21432940AEE40ACF769CE75AC02CB91

Function 04DEF230 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eede8a96f838ff9bf6ab8bb4391035e36506fa24bfa7d1fe53392206caef4815
Instruction ID: 59695d1e7d3054ff8042b2b0db7491ca8dfdb12a7aef6bbd7b61c5834129ddb2
Opcode Fuzzy Hash: eede8a96f838ff9bf6ab8bb4391035e36506fa24bfa7d1fe53392206caef4815
Instruction Fuzzy Hash: BA01A9372485915FE329F65EAC053B12F66D796220F09007AE188C7383DB259D0683A5

Function 011305E0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2417920975.0000000001130000.00000040.00000020.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1130000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2886beeff25ada5b7208422412b3226c373cd1621a42654e9bf808f1b77c5371
Instruction ID: 352e59f816d77e559d977fca4bf781b9c2a1661fc7c958be9aeb76d01404ad88
Opcode Fuzzy Hash: 2886beeff25ada5b7208422412b3226c373cd1621a42654e9bf808f1b77c5371
Instruction Fuzzy Hash: 4F0186B65093806FD712CB06AC44863FFB8EA86620749C49FEC498B652D225B908D7B2

Function 079252F7 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cfc100dd65f1582633fa7a5363e5a28795291af97128b982bef037ab7151ee7
Instruction ID: 0ebe00ee58d1ab4a5d1d56c0d52fa12a2baf505056674da986ac33e0e4ec4dd6
Opcode Fuzzy Hash: 7cfc100dd65f1582633fa7a5363e5a28795291af97128b982bef037ab7151ee7
Instruction Fuzzy Hash: E3014B35700A54CF8718EB69D488D6EB7EAFF8822571540AAE90AC7760CB70AC49CB41

Function 04DEFAEF Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc40ae5164ee7266cbc1ad9a44ab1856ab69608f5348e19e1e52ae67a53e42c8
Instruction ID: 30c5a40af02a1ec4a39626a0a2b7b5e9c38e6391d024a3ab404a80fe957ceccc
Opcode Fuzzy Hash: fc40ae5164ee7266cbc1ad9a44ab1856ab69608f5348e19e1e52ae67a53e42c8
Instruction Fuzzy Hash: 03115A74A0628AEFDB00DFA5D595AEDBFB5FF48314F244548E141A7241CB30E989CF90

Function 07F3A4E7 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86610511b83df9d7919b4e2862e649728391e931c0a85bf8345ff5c77e2962de
Instruction ID: b8f1ed053b3fd4ef903a1a7ea216a345716135a8e81bc0fc3938644f2e337079
Opcode Fuzzy Hash: 86610511b83df9d7919b4e2862e649728391e931c0a85bf8345ff5c77e2962de
Instruction Fuzzy Hash: 24011734210610CBC754EB34D458ADA73E2EF8A316F1504B8D40A8BB65CF76AC46CB81

Function 07F3A450 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdb230680f2477d1bf09562a9660aa6304169fa8b87bc9a680a0c53ae1cc93cf
Instruction ID: 0ccce348411112044c7640cba1f98fbe6268a513bdbb165db79d5f313e13b508
Opcode Fuzzy Hash: bdb230680f2477d1bf09562a9660aa6304169fa8b87bc9a680a0c53ae1cc93cf
Instruction Fuzzy Hash: AD0162753111109FC628FB79D01895D73AAAFD6218325416EE40ACB769CF75AC41C791

Function 079252F8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d0f263004ff3c0921cb1dc0f35a4c1f3e2c3f3c2225aa0e932fe841f6fc358e
Instruction ID: bb797cf4d60d64965a8737b2941f2790cc6b64a025f4ae10bab78226749101a5
Opcode Fuzzy Hash: 0d0f263004ff3c0921cb1dc0f35a4c1f3e2c3f3c2225aa0e932fe841f6fc358e
Instruction Fuzzy Hash: 08014B35700A54CF8718EB59D48896EB7EAFF8822571540AAE90AC7760CB70AC49CB41

Function 04DEF1F8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 366908b1f38f06f36e9f4461a8ca458760d676f24a522039abc03b34482dc5a7
Instruction ID: 20b51aa791b261b7846f8c839e19e3be3da3c46039054c5eec5dea225f78b109
Opcode Fuzzy Hash: 366908b1f38f06f36e9f4461a8ca458760d676f24a522039abc03b34482dc5a7
Instruction Fuzzy Hash: DD0126313043449FCB24AB32E41467A77E6EB80225710C81FC845CB680EB35FC058781

Function 07F3A4E8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d4ad96093858ac61b40b329489865634e78bbaa65812efbe8b9b2c5034ef06e
Instruction ID: 39646cd00f4c6986465cca534af158ae6986ce02e8a0f4f1703219ade9c38ce2
Opcode Fuzzy Hash: 1d4ad96093858ac61b40b329489865634e78bbaa65812efbe8b9b2c5034ef06e
Instruction Fuzzy Hash: A401D334211610CBC754EB34D458A9A73E6EF8A31AF6509B8D40A8BB65CB76AC46CB81

Function 07928C50 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7915164b7b1ff306910a22d54f67471937bced7f7b7e2770b350926437e27e80
Instruction ID: 4db15c95d70f07f52c0d07cf69ecc0663fbdb87bc9bef7c32b44e611e9003628
Opcode Fuzzy Hash: 7915164b7b1ff306910a22d54f67471937bced7f7b7e2770b350926437e27e80
Instruction Fuzzy Hash: 6F0184356083148FDB05DF68D8549DDBBF5EF89215F11009AD444EB361D739DC09CB91

Function 07F3B548 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9de13258b255f6c216a45bcd867cdcdb647e22a01140837432a774609441205f
Instruction ID: 4778d12a5f753cc9b2985d11d29b90fe5aab70ca89c7a87f4082dbe99b13d22b
Opcode Fuzzy Hash: 9de13258b255f6c216a45bcd867cdcdb647e22a01140837432a774609441205f
Instruction Fuzzy Hash: 03F04C7210C3824FC3269A6AD8253D23BD59B8B321F1801B7D14CC72E3DA1458CAC391

Function 07927030 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bf3d363bce5647cbc0feb10acf8a93b8ac810e13a7ae03a43302ff8419522ab
Instruction ID: 48134d71248414a0eb87ad8280d0256516b2685d5963f4d5921acdff07cbca2c
Opcode Fuzzy Hash: 0bf3d363bce5647cbc0feb10acf8a93b8ac810e13a7ae03a43302ff8419522ab
Instruction Fuzzy Hash: FDF0F9353402055FD7409B64D419AA6BBEAEF85714B05816AE60ACF381DE71EC0A8BB5

Function 07F336E0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e8e8017e671a6eaebca5ac9445cffa5402738e25b91373375f9d1f759da2a8d
Instruction ID: 661df9a904270fbbc8cee59bcea4d18cca50081108a9f6b8a2061456b52c6be6
Opcode Fuzzy Hash: 9e8e8017e671a6eaebca5ac9445cffa5402738e25b91373375f9d1f759da2a8d
Instruction Fuzzy Hash: DC016931302200CFD714DE78D894A6A73A6EFC635AF1544BDD80A8F355CB75AC42CB90

Function 07F37801 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a5af3c62d7825cca2070bedac6fdd109c16fb27fe0462e072381acc112ad6f5
Instruction ID: d6f64be828980d545ed7427f62568cb4226394232190f452d1e5eecdae1e9f13
Opcode Fuzzy Hash: 2a5af3c62d7825cca2070bedac6fdd109c16fb27fe0462e072381acc112ad6f5
Instruction Fuzzy Hash: A5F090B1B042005F8724AB3DE894A6BB3E7AFC9214724857DE40ACB758DF35DC098770

Function 011304B4 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2417920975.0000000001130000.00000040.00000020.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1130000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42c7435982296bd81af512b1edd55a964d32039304d33378555c35316852a64d
Instruction ID: 3809c96f5572247dcbeb8048fa7a33f1f95e77d8ac1441019e48fd82379356a5
Opcode Fuzzy Hash: 42c7435982296bd81af512b1edd55a964d32039304d33378555c35316852a64d
Instruction Fuzzy Hash: 5B012C3540D7C08FC7128B259954751BFA4EB46524F0884DBE8898B697C329A508CBA2

Function 0792E450 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65ec0d99e6e84dfdab28c34ac49c81dcd4a734abfd6bf157a5f44876d779ea39
Instruction ID: 6ccd3cce43caec3e24eebce35815c6e8431cbb26ea471fc785f3f95ce8f160c4
Opcode Fuzzy Hash: 65ec0d99e6e84dfdab28c34ac49c81dcd4a734abfd6bf157a5f44876d779ea39
Instruction Fuzzy Hash: 9601D13020A389DFC70AA77099291593BB69F4621071505E7D541CB7E2DE345D05C762

Function 04DEF750 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89be622680bf4f0b90e4e71cfb9fcc023c80013b0b64804a17ffc463b0b995c9
Instruction ID: 8195d35cabc8e1b7236569e539bbc7d017c9291932783409ed2aa19ce7d95d96
Opcode Fuzzy Hash: 89be622680bf4f0b90e4e71cfb9fcc023c80013b0b64804a17ffc463b0b995c9
Instruction Fuzzy Hash: C5F05B3130475067D7347F5BA488767F7EEEBC5625B19093ED14AC2150CE70A9498291

Function 01130C44 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2417920975.0000000001130000.00000040.00000020.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1130000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19b64a114d3f52428c5a3f5e01dce4a35fc463bcc78befd089fe3e613def89d0
Instruction ID: 30b609b8ec352bb8a8994cefdde9f9c3a6d13e226eb4d942b33ae11418a9f3ad
Opcode Fuzzy Hash: 19b64a114d3f52428c5a3f5e01dce4a35fc463bcc78befd089fe3e613def89d0
Instruction Fuzzy Hash: 0B01443510D3C08FC317CB10C554B15BFF1AF8A618F2986DAE8895B6A7C73A9816DB52

Function 07F3539B Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fad10af051a344e05c763cf066c2f01368c2b88317c3495d1076afeb16c0660
Instruction ID: 37da6fb3b9f7f8e72d90a133593edb36169a8c73a62b98cd35323e19f50fd989
Opcode Fuzzy Hash: 5fad10af051a344e05c763cf066c2f01368c2b88317c3495d1076afeb16c0660
Instruction Fuzzy Hash: 0FF0F43A200501EF8B254F91C805895BBF7FFC9316318806AE11A87A30C775A415DF51

Function 07F353A0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbdfcab2063b95fcb9a1167a2cd843018e41bee9b01ee7dcd8278ac51be5e7f1
Instruction ID: a925b825c87271036c17db092d788b2ca2b7aa4e0e983b9d53d74aea46d0a404
Opcode Fuzzy Hash: bbdfcab2063b95fcb9a1167a2cd843018e41bee9b01ee7dcd8278ac51be5e7f1
Instruction Fuzzy Hash: 24F0C23A200205EF8B254F95C846C59BBF7FFD92263188069E11B87A70C775E465DF52

Function 07F324FF Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b112666d17d8936ae7bc8cce562a7a8e819da50cb3419afbc8065bcff7e0ddaf
Instruction ID: bb0354d9cf1d9d91e436df65580a4df820b154de8cdd52c711f7f92e94fcfa88
Opcode Fuzzy Hash: b112666d17d8936ae7bc8cce562a7a8e819da50cb3419afbc8065bcff7e0ddaf
Instruction Fuzzy Hash: 85F0C9B5E002189F8B54DFB9D4459DEFFF5EF8C210B10817AD909E3310E6319A45CBA5

Function 07F37810 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 293a03ca62b714155bbc79e6fcb3aee465b535cb57c0e0a183ca1188a6b4f867
Instruction ID: 1f2ba3489b5dcae874c91ee62cdb4ec580db7adcc064aa8399e5696fc3540f3c
Opcode Fuzzy Hash: 293a03ca62b714155bbc79e6fcb3aee465b535cb57c0e0a183ca1188a6b4f867
Instruction Fuzzy Hash: 91F054717042005B8724AB3DD994A5BB3EBABC9514724857DE406C7714DF35EC0987B1

Function 07927630 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5408c31e219c1c500e435a6c7f62753873e3046a7042ae20fc015491409118f
Instruction ID: 0eb495ed1d67383de619be9db6938a76bf8026b6c4881052a0c9a11b588e4686
Opcode Fuzzy Hash: e5408c31e219c1c500e435a6c7f62753873e3046a7042ae20fc015491409118f
Instruction Fuzzy Hash: FEF04C7120C3609FC7125A5C4804C5A7FD2FFC9214F09455EF1C593259C735C842E7A3

Function 079210B0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22a00e001bf30235020d94803dd4b9963eab93ea2470769cfeee7292f18af38f
Instruction ID: 8db7fb04d6604cdf7167934930fca27d993984086a99ed0781f31016beda7082
Opcode Fuzzy Hash: 22a00e001bf30235020d94803dd4b9963eab93ea2470769cfeee7292f18af38f
Instruction Fuzzy Hash: E8F0E9712552088FC751FB78FC817EA37F6D788118B2005ABD809CB29AFB316D5587D1

Function 04DED350 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4065f29fd612205ba913b88d7d14595c5bd51c2f096dc7624149fe52b6ef5ab
Instruction ID: 9dd3e988611fe527dba448cd02c64b7be20b4a8c75b04a533345c08156946415
Opcode Fuzzy Hash: d4065f29fd612205ba913b88d7d14595c5bd51c2f096dc7624149fe52b6ef5ab
Instruction Fuzzy Hash: 0A016970A00206CBEB10EF66DA4D7AA7AF7E758748F110028D506E7240EF757E09CBA1

Function 04DEF742 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f0b72212fe1e06e032ae8b579b62ae30f4658b4c560c4a0ca59f552fd63861a
Instruction ID: c2e5e242c443cb75eb63661d3320d71abdc27565baa81a4c2b0a782e80596f65
Opcode Fuzzy Hash: 6f0b72212fe1e06e032ae8b579b62ae30f4658b4c560c4a0ca59f552fd63861a
Instruction Fuzzy Hash: B5F0E9313043906BD7252F6B6848A6BBBEEEFC521171D047EE545C7191CE70AE4582A5

Function 0792D12B Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac2c750890b5838297487712edd265cc24acccde7ae36da6593daf332d5a3dd9
Instruction ID: 1544f2d82fa502f44f07bf470c5a5b167858d98055ae307eab8aefa69fe9802e
Opcode Fuzzy Hash: ac2c750890b5838297487712edd265cc24acccde7ae36da6593daf332d5a3dd9
Instruction Fuzzy Hash: C5F04F70B002599BDB19EBB484157EEBFF69F88364F28042ED001E7285DFB409468BE5

Function 07924CB0 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c01c375e3cc7c9be305a6271a6de3eff8e3a7a4d1fde84219b562e9bc60483b2
Instruction ID: fe6c5715f2abae66745ef41ff63c5d674fddc9c5383cf9015479b574d450ecee
Opcode Fuzzy Hash: c01c375e3cc7c9be305a6271a6de3eff8e3a7a4d1fde84219b562e9bc60483b2
Instruction Fuzzy Hash: 2AF0BBB13082F54FD712AF6858045F67B54DB41555B0800A6ED45CF2B6D6218D1667D1

Function 0792EF8F Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad4f0d5176f62cb924dcf45ae3ac7b919401a42125762ac538e10089b96b5180
Instruction ID: 66e73e8f25cfccce966dc1178f7f1799d0b6d5dff3161d89aa0a6ce7c12df66d
Opcode Fuzzy Hash: ad4f0d5176f62cb924dcf45ae3ac7b919401a42125762ac538e10089b96b5180
Instruction Fuzzy Hash: A4F01D75E002199F8F50DF69D8459DFBFF6EB48214B108026EA04D7210E7319911DBE1

Function 07921619 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: affc579c53d4473bbe2b0fa50f849b4eaf002a04d3faa4e4934c5b1770595aba
Instruction ID: fbf573f40ab2061ecfa313d3172c55efeba241c19b3832887d6c08f9161028ab
Opcode Fuzzy Hash: affc579c53d4473bbe2b0fa50f849b4eaf002a04d3faa4e4934c5b1770595aba
Instruction Fuzzy Hash: 71F04971E006098FDB54DFA9D941AEFBBF8EF48211F20416AD448E3210E3719951CFE1

Function 079261C8 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 854230dd421d06b776cabad863b36c8e99e0748367b37e669872fefeda9cf80f
Instruction ID: 92e6db02deed752b6ef75bc8690cd37efe4de2b0c7afeea680b744a7b6d73886
Opcode Fuzzy Hash: 854230dd421d06b776cabad863b36c8e99e0748367b37e669872fefeda9cf80f
Instruction Fuzzy Hash: 8DF062703051508FC314EB39D458C69BBE9EF87315B1584EAE85ACBB25CA71EC05CB52

Function 01135446 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2417920975.0000000001134000.00000040.00000020.00020000.00000000.sdmp, Offset: 01134000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1134000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdae981ac3ff2581a149d12edfca072f8903fa7916e28a38ddd24c5e5bc9b2b2
Instruction ID: 8262d54bdb1283d363e35a44d6c71371d01e991f54e2f1b4110d1f742dac9112
Opcode Fuzzy Hash: bdae981ac3ff2581a149d12edfca072f8903fa7916e28a38ddd24c5e5bc9b2b2
Instruction Fuzzy Hash: 40F082B28452046FD300DF05ED41866F7ECDB94621B44C52AEC488B705E275AA188AE2

Function 0792DDB0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2bffce16ec300162744bc819a65482987143956ca785d5010cd25839ac97c2f
Instruction ID: 0ca51f23e327fb93b6042def2ed59ba53c93a834e59789f68c9c616798a25d51
Opcode Fuzzy Hash: a2bffce16ec300162744bc819a65482987143956ca785d5010cd25839ac97c2f
Instruction Fuzzy Hash: 10F0CD70A006189BDB28EB6986087AFBEF59B89704F01042DD006E3741DBB52E098BE2

Function 079280C8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 700e85181db3c80ddd6eaafc941e093e25e16e28a68170079355de4fd9dd89f1
Instruction ID: 55e51365ed3d087c858e6a543b2102966e0586d03d8611dd08c506bb90101170
Opcode Fuzzy Hash: 700e85181db3c80ddd6eaafc941e093e25e16e28a68170079355de4fd9dd89f1
Instruction Fuzzy Hash: 06F0E5322193908F9325B728ED45ADA77BADBC6124305436BE546CB295CF21BC0B87F6

Function 07924C58 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b587a3ce2cb1e1e817d3d298c28100e8cf5631f37e058d64420a811efccac72
Instruction ID: ee4e38045b112731c7522efc4c0440d883541fb7ddfde90b315f26ba5be28dcb
Opcode Fuzzy Hash: 9b587a3ce2cb1e1e817d3d298c28100e8cf5631f37e058d64420a811efccac72
Instruction Fuzzy Hash: FBF0A7F17217768F8221A9ADC0146A5779CAB84959B150065DD42CF379D660CC42D7D1

Function 04DED55F Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 330a1873cde034f8a1564dba82473b5dec60efa81937cb1179f89c5d80a58391
Instruction ID: 938646413006c11f893c70a2ba8f3c362d4630d176d99cb4e86cf6acc04a8d6a
Opcode Fuzzy Hash: 330a1873cde034f8a1564dba82473b5dec60efa81937cb1179f89c5d80a58391
Instruction Fuzzy Hash: A5F0C2352002009BC258DB94D64DE97B7BAEFC8204B00C52DE64A47B94CB70BC0A8BA1

Function 01130D50 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2417920975.0000000001130000.00000040.00000020.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1130000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 542f6956f818abd3c1ea83f9f3ddc1cece2d9df614c5308ae8364a7db1e43998
Instruction ID: 7ffe672547073a07a00542445869d8bed29c48d000d519aa9bfd02d349e08986
Opcode Fuzzy Hash: 542f6956f818abd3c1ea83f9f3ddc1cece2d9df614c5308ae8364a7db1e43998
Instruction Fuzzy Hash: A6F0FB351046449FC316CB44D540B19FBE2EB8D718F24C6A9E9491B656C737E813DA81

Function 07F35137 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1172f4430c01fbd2217979f083318a4cf22eef097b0541fdd2a8268c1e7fc21
Instruction ID: 6d532105d3b40cba079daa397de233a7030171f9423e70c25a3678b198da03ec
Opcode Fuzzy Hash: b1172f4430c01fbd2217979f083318a4cf22eef097b0541fdd2a8268c1e7fc21
Instruction Fuzzy Hash: C8F082323002016FC724E635E902B5A7772AFD8355B20413ED906CB284DB76EC62C7D1

Function 07F35138 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c5e8996810b1260e7de41b8fe56f98d69605cddccb81740c879aca9690ed63f
Instruction ID: 2978109b470d7bcdd3428b5856bdaad292af2c540568e591fd1009b5bc9afbb8
Opcode Fuzzy Hash: 5c5e8996810b1260e7de41b8fe56f98d69605cddccb81740c879aca9690ed63f
Instruction Fuzzy Hash: BDF012323002056BC714E635E902B5A7366AFD8355B204139D9058B284EB76FC62C7D5

Function 04DEE740 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1449b07277419de0eb710915ed4512256b5880ca32c12a3f09a980bedc8f7868
Instruction ID: 5b9e9d60dd452508f7ef96ba586b4ca995f93478b8e9527c9b8e8d02507540d4
Opcode Fuzzy Hash: 1449b07277419de0eb710915ed4512256b5880ca32c12a3f09a980bedc8f7868
Instruction Fuzzy Hash: 5C018C35A01128DFCB20DF59E888BA8F7F1FB48311F218196E919AB261D730EE84CF40

Function 079276E0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79981e5b2a45f1c6496f72eb4586bebbf8b70813ef2322fb19a8f40479033d11
Instruction ID: 1100a0aa953eee470a5eb4dd1778f59717132fd5b3dd9be3ec8244d614d75414
Opcode Fuzzy Hash: 79981e5b2a45f1c6496f72eb4586bebbf8b70813ef2322fb19a8f40479033d11
Instruction Fuzzy Hash: 07F0EC376041446FDF024FAC9C149DA3FB7DF89260B048057F659C2251CE354511DF61

Function 07929588 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2513ae0922274ea921c8488efed37dfc879156cdbb43d8c8eaa67bad536ed83f
Instruction ID: 7f7f90b7d13aa5ebfcd7595f432ad5d132a8a9ae805e51216e68fb077431acf8
Opcode Fuzzy Hash: 2513ae0922274ea921c8488efed37dfc879156cdbb43d8c8eaa67bad536ed83f
Instruction Fuzzy Hash: B9E0227270DB718BCB23327818202AA3B988F46539F0504BEC845DB289EB26CC029BC1

Function 0792E4C7 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac788af3579ea8e8a07d07da4d2b868d579965577ad938294d88c38a99ace2ba
Instruction ID: 0fd728a882b850e47a9739003129aeeb72b938495556e88c5a4702dcf062fcd8
Opcode Fuzzy Hash: ac788af3579ea8e8a07d07da4d2b868d579965577ad938294d88c38a99ace2ba
Instruction Fuzzy Hash: 7CE02B357002145B87186BBAA81879E3BEAEB41130B10036AF61AC37C0DF311D418692

Function 0792100A Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f589dfb031fe20c19ce6ace7df95d6805261be5fdc1981262cfda2264e86389
Instruction ID: 05e1efdf2426af174f4c287448fbc7db30f0bb9368e2824e90711bc7ad35b3ec
Opcode Fuzzy Hash: 5f589dfb031fe20c19ce6ace7df95d6805261be5fdc1981262cfda2264e86389
Instruction Fuzzy Hash: 89F055323482A18FD3269B69C808825BFE8DF8233130A01EBEC42DB322C6A0CC01C7C0

Function 07926740 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d7192d6ebc2f97a33eb52909afa0fdc658122c56fd873477da6e33317e9427b
Instruction ID: 5315d538b66b1be4725fc01addb91c287b2675dd44048166018bf640d61fec4b
Opcode Fuzzy Hash: 5d7192d6ebc2f97a33eb52909afa0fdc658122c56fd873477da6e33317e9427b
Instruction Fuzzy Hash: 4CF0397610C3816FD752DA349C51AEBBFE8AB59601F04496FF6D4C7282E225C64C8BA2

Function 07921CF0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a961826b70d3579af5c0d3929a866069b1e79a6c206af6483f89166ae5268b3
Instruction ID: ffb566f9cf1a77bab0a832769eaaf749485f9f41e8d94af39363415e53212783
Opcode Fuzzy Hash: 0a961826b70d3579af5c0d3929a866069b1e79a6c206af6483f89166ae5268b3
Instruction Fuzzy Hash: 91F03070750114CF8314AB2AD048D6AB7EDEF8A76575584BAE90AC7760CB71EC12CB91

Function 04DED570 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61b779cf21f65311658c1b3f00c88193f678fad84636e6ac5559bbbeaff6d06b
Instruction ID: f6aef4069174860180541f09139ab152edfe3fa7fbe292975df8c374cb7768f7
Opcode Fuzzy Hash: 61b779cf21f65311658c1b3f00c88193f678fad84636e6ac5559bbbeaff6d06b
Instruction Fuzzy Hash: C4F082352006019BC254DB95E659E9BB7BADFC8611B01C428E65B87B94CFB0BC4ACBA1

Function 07926FEF Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be7d0443ed6b0fcd244aa0ae266e30a5fc0d3fc243e763c52f418094b7802e8b
Instruction ID: e499c97c865de8fa3df1be9dc00c860bac8573150f6bee705f3b0a4bc570451d
Opcode Fuzzy Hash: be7d0443ed6b0fcd244aa0ae266e30a5fc0d3fc243e763c52f418094b7802e8b
Instruction Fuzzy Hash: A7E02232E0C2542FC706AB98A8089CA7FA6CBE9220F14846BE54EC7281EA711904CB91

Function 07922F7D Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68aed6524c4970791b1a6ef94a56ef3ac1f13961b441fdc69ab60152d0e9166d
Instruction ID: aa451f352626411cfb45077c0d88c2d1bb0e07c9bdbc4d6c90fe0cbd29177361
Opcode Fuzzy Hash: 68aed6524c4970791b1a6ef94a56ef3ac1f13961b441fdc69ab60152d0e9166d
Instruction Fuzzy Hash: E9F0F872D00219DECB90EFA9D8416DFFFF8EF49351F20806AD548E2101E23586518BA1

Function 01130606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2417920975.0000000001130000.00000040.00000020.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1130000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38dd898d8dc907833d55e72d992c46e1a5d44c6c8590bdd7b9442b6ab37f486a
Instruction ID: a72bcc3b1dde3064d6abd5797f40e96afe18434530c795c0f17850ea403fdaee
Opcode Fuzzy Hash: 38dd898d8dc907833d55e72d992c46e1a5d44c6c8590bdd7b9442b6ab37f486a
Instruction Fuzzy Hash: DFE092B66006044FD650CF0AEC45452F7D8EB88630748C07FDC0D8B711D635B908CAA5

Function 07F351A0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5916ae4f9620a4e5453cf51600aea9039a98dae235a1c2fcd5010865f2597d67
Instruction ID: b07d287e0c0044d12ac21f1edd38ba24ed30cb68ea7b7adf5b691fcf13913952
Opcode Fuzzy Hash: 5916ae4f9620a4e5453cf51600aea9039a98dae235a1c2fcd5010865f2597d67
Instruction Fuzzy Hash: 3EE01A327046049B8314AA7ED48885BF7EAEBCA625764407DE91EC7721CE719C028790

Function 07F3B704 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c99ce6e3d457b8ca4a0fa799549727a52d177088e04c252db03362012f091114
Instruction ID: ba322a222be2317646e3f76aaa6149621dd83de1dea26e0f23870036f113db82
Opcode Fuzzy Hash: c99ce6e3d457b8ca4a0fa799549727a52d177088e04c252db03362012f091114
Instruction Fuzzy Hash: F7F0A77051E7D14FD3376738D8257E67FD09F4261AF0848EFC0CA46892C6A85884C356

Function 07923978 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b2fc0e9e8cc5a44d405d91503b60c5d8c433b8493e22e1ef82524b4ee45d07a
Instruction ID: 7b98e58e70bf9c0d60f8c430233ecc2b29571aa0355b6074526d891425115f64
Opcode Fuzzy Hash: 1b2fc0e9e8cc5a44d405d91503b60c5d8c433b8493e22e1ef82524b4ee45d07a
Instruction Fuzzy Hash: 51E0DF3124D390AFEB129724BC41F9B7FA5DB99620F0880C6F658CF186D2319D058BE1

Function 0792C29F Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2653a2797303281f017bb4db5f9b09b1dbc20625301cf78bd9a94b97b16689d6
Instruction ID: babce86f83189263f54e91a1325071f50ee8dfdad8372cb96834d66d43593631
Opcode Fuzzy Hash: 2653a2797303281f017bb4db5f9b09b1dbc20625301cf78bd9a94b97b16689d6
Instruction Fuzzy Hash: 5FF082B4604202EFC704FBA4D29941D77E1EF85608F404818E445DB208EB70FC05EB52

Function 04DE0BE0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d91783f55f69a5ac67322e47b1c5dc939014abf76263e5899be7aa47bb50ed9f
Instruction ID: 3c7bb7e94e1adad35a04d0f857d0094bab1031ca1f1b81ce16c7b32720b25407
Opcode Fuzzy Hash: d91783f55f69a5ac67322e47b1c5dc939014abf76263e5899be7aa47bb50ed9f
Instruction Fuzzy Hash: B2E0E57190E7C44FC30B873498519913F74AF27314B0A00EBD080CF6B3D2A9584AC792

Function 04DED8B0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afaa291d644392308c96d48cc72c691514bd31e405edf8f727ec1cb110a6a5a8
Instruction ID: 63d2bd78d025cc6e1aa02e5c87ef6cc961da0e64ae294b8413dafd0c08354745
Opcode Fuzzy Hash: afaa291d644392308c96d48cc72c691514bd31e405edf8f727ec1cb110a6a5a8
Instruction Fuzzy Hash: 6CE0DF72B011229B9728A91F5C84A2BE997FBC8620B04813BF70983280DE319802D7A2

Function 07922F88 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af5f5e29823f59fd92d4141f795130fd926a99f90963a8a591692102993c0f39
Instruction ID: 9af747cb056942da59893de68d78ca7f715007a1937e16f94507e0713c68bb81
Opcode Fuzzy Hash: af5f5e29823f59fd92d4141f795130fd926a99f90963a8a591692102993c0f39
Instruction Fuzzy Hash: D5E0EDB2D0121D9F8B90EFB9D8456DFFFF8FA49250F104166E508E2104E3355A158BE0

Function 07926FB2 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0d455aeba55b604853aabf8a0fd245ab08d336224a175693c13fa4e74ff5ac5
Instruction ID: a95527b55d98c18e0255365d12dcf65bfe1f12ad09ba43b2aa5885d0b1330b63
Opcode Fuzzy Hash: e0d455aeba55b604853aabf8a0fd245ab08d336224a175693c13fa4e74ff5ac5
Instruction Fuzzy Hash: 4EE0DF321082A5AFC7025A28E8018EABF7CEA462203010067FA80C7942C730B951D7A1

Function 07927E88 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7f9ad39141459eae96e7061d819a04636f98293e4476255f1e48d0770a25b5c
Instruction ID: 455555a744c58273def466bdfd8ddb0874e3c1df3b535679848af9d86cbbabf8
Opcode Fuzzy Hash: b7f9ad39141459eae96e7061d819a04636f98293e4476255f1e48d0770a25b5c
Instruction Fuzzy Hash: 89E0C9B1E142089F8B84DFA9D8459EEBBF4EB49250F10406AD508E3200E3319A108BA1

Function 0792C228 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbe2f6dc730cb13ae8da4d11f1fb10edcc5c4728eeab3cc9cef59600cd265d62
Instruction ID: 5ff3f3c927b06d362858c661d28856a8c74250be291c715a2f222f5b9473f770
Opcode Fuzzy Hash: bbe2f6dc730cb13ae8da4d11f1fb10edcc5c4728eeab3cc9cef59600cd265d62
Instruction Fuzzy Hash: 99E0D8B1245321CBCB31DED994C055EA7A4A74A65DF30452DE00686114CBB0C88BC660

Function 07929598 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2054e40813723a5e8692e03e4cf54f822355b4ad9f22d9e9d655e0fbcd0aea3
Instruction ID: d89cda99d1e8bd67bbac2a4fca3234e9e10a88ae5c2436d7262f6a7cd5775eaa
Opcode Fuzzy Hash: f2054e40813723a5e8692e03e4cf54f822355b4ad9f22d9e9d655e0fbcd0aea3
Instruction Fuzzy Hash: BAE02CB2B01A30874A2032B8002846A72CE8FC98BAB150579CC07E734CCF60EC03ABD1

Function 0792B567 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81a4036623ffc46e27c7514c6b68826450b24bd0e200191fac55baf9dc358808
Instruction ID: 1c4c18dc14950c860f60c1954f4904314fd94e9d61f9beab47b896749b42ade6
Opcode Fuzzy Hash: 81a4036623ffc46e27c7514c6b68826450b24bd0e200191fac55baf9dc358808
Instruction Fuzzy Hash: C1E08C323011106B0614256AA84195B7BCEE7CD265355007DF609D7300CE31DC0A83E4

Function 07921018 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f385c3d5c9f10e33f4892ca75e7c938c54e7f78a7ae4fa3a68f22702a1752369
Instruction ID: 2db521780e4632804483a53128f2bf2d19ed5db8e5f0099f4f3e463dbfad17d2
Opcode Fuzzy Hash: f385c3d5c9f10e33f4892ca75e7c938c54e7f78a7ae4fa3a68f22702a1752369
Instruction Fuzzy Hash: B0E0DF327400254B4220979DD448825B7EDEB856753164273E806D7320CAA0EC0187C0

Function 04DE16B8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e187d33543ab9c5fafdbaab8c501ac08b20008ad539381f751563becf5adb6f
Instruction ID: 846511a1840ef1c6695797e500f809753702fafe1786588ef89c53410845bc64
Opcode Fuzzy Hash: 1e187d33543ab9c5fafdbaab8c501ac08b20008ad539381f751563becf5adb6f
Instruction Fuzzy Hash: A9E08C313011545FC304963DA40896A3BEADFCA62972900FEF409CB322DE619C1A8391

Function 04DED63A Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fa99c72f6578ce42dfcc7c5becfe595dc29af13c8ba87696afcb8cc2b00d616
Instruction ID: a2836ab2118f17e40deef677073ebfbf8a9f30f4958f931d42b41699e4f33d18
Opcode Fuzzy Hash: 0fa99c72f6578ce42dfcc7c5becfe595dc29af13c8ba87696afcb8cc2b00d616
Instruction Fuzzy Hash: 6CE0CD3364D3602FD70693E468111DA3FBDC745174F0080ABE84CCB2C2E9655E0487E5

Function 07F3B5B8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb5c84a219bfd24da3f7891ab075ca5f479ed15b7bd3e9973507b0c309b83399
Instruction ID: 51e4a27ef37948e5c864e2e15612d78e8647bae71116f4519864efaad3927f32
Opcode Fuzzy Hash: fb5c84a219bfd24da3f7891ab075ca5f479ed15b7bd3e9973507b0c309b83399
Instruction Fuzzy Hash: 45E068B26087814BD3269628D8283EA7BA24FC2334F0C41BBC5E8C26E2CE244C05C340

Function 07926F78 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f464679ca345b9c41e0b822538ce5dea7fcc04b128e2f3025837558d915a24e5
Instruction ID: 95b72ca4ea8c6abaddbf682c13bd6d9e89d8810a2987c4631652515731c10bc7
Opcode Fuzzy Hash: f464679ca345b9c41e0b822538ce5dea7fcc04b128e2f3025837558d915a24e5
Instruction Fuzzy Hash: 80E0C23130D5A14BE309529D7C0569AEBC5DFCA521F1800BEF24DC7286CA219C03A3EA

Function 07927940 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a57034349484d160ca674b6128a989df4f2605f235f0e003da240c57fd70dd63
Instruction ID: cf365384c054fe1ade7e5b0d195c9b8fbedc855274474d397d6ee8409b989999
Opcode Fuzzy Hash: a57034349484d160ca674b6128a989df4f2605f235f0e003da240c57fd70dd63
Instruction Fuzzy Hash: 34E086362483A4AFFB075E58AC15FEE3F6AEB09611F014057FA00CB282CA755E1587D5

Function 0792B568 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df1c5689b6d96cc7cf2c71b61fbefbd49cb8456c83576c52e0be7848ad057bc3
Instruction ID: 6a47e184e2f8caa491022100c3cb03208fd2ec1adc1f4d3cad672b5563ff324d
Opcode Fuzzy Hash: df1c5689b6d96cc7cf2c71b61fbefbd49cb8456c83576c52e0be7848ad057bc3
Instruction Fuzzy Hash: 64E0C2323011106B0604256EA84055B77CEE7CD275355007DF60DD7300CE31DC0A83E4

Function 04DED2C0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0b1b6adeedd82d6d00d72628ece131915f8feb606b1a6b09b8b692f1df10654
Instruction ID: ffdb087ef16ce06650be663ce20d378eafd65ee1153a094bf85a31ab75dc7abf
Opcode Fuzzy Hash: a0b1b6adeedd82d6d00d72628ece131915f8feb606b1a6b09b8b692f1df10654
Instruction Fuzzy Hash: ABE0CD366155268BF710769AE4043F677D9FB05361F054023DD09C2641DF69D841C790

Function 07927690 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9956d2bcce8d9984b650ee789c880b52a01b020a642de140e5e57819cea9c9f
Instruction ID: f033cec864cb0e05f27ffb68de1e46e20f0c01b2ae3a5ba6e8738160b4f8b669
Opcode Fuzzy Hash: d9956d2bcce8d9984b650ee789c880b52a01b020a642de140e5e57819cea9c9f
Instruction Fuzzy Hash: 2FE0483114C3965FDF135F58DC056D63F61EF05250F0440A5F944CB166D336D432A795

Function 079210C0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e88ed3b411d10a46f8fa0f52e3a6f4edd5a9cdeab29264ace0601e87799e804e
Instruction ID: 7bb08525502d73272b281e96cb77328dfc8565522ed21552a736992b47be9fca
Opcode Fuzzy Hash: e88ed3b411d10a46f8fa0f52e3a6f4edd5a9cdeab29264ace0601e87799e804e
Instruction Fuzzy Hash: 7AE09232621108CBCB50FB78E8857AE33EAA788218F60455AD805C7359EF306D458B91

Function 04DE0C98 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffd14da50f96991fdea0b59de0f6e3e06764260600c4db71d6a4e42ea27bf81d
Instruction ID: a94054f55e3675959c7c103da897f1c21c55028ca7e19fb2339e951ab1d0962b
Opcode Fuzzy Hash: ffd14da50f96991fdea0b59de0f6e3e06764260600c4db71d6a4e42ea27bf81d
Instruction Fuzzy Hash: 7AE09230705A548BD315DA6BC454BE3B7D5AF89314F04805DD44A8B751CBB2BC02C7C0

Function 07F3A3FF Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99cd90b8b04b224816c55f3e646b69f639217570ff77962e4b1e4af04ae0c52f
Instruction ID: 527cd374997b0b5189c74c072d927154ec43efeac1f0d4a3e82bcc2822d1213c
Opcode Fuzzy Hash: 99cd90b8b04b224816c55f3e646b69f639217570ff77962e4b1e4af04ae0c52f
Instruction Fuzzy Hash: 9DE0C27270450243D338955EE80CBFAB2AACBC6321F0C803AE04D83AA1CE655C46C791

Function 07F3B6B3 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ab63b786981c61167f7a01604676c4f64b66c77f1919d529a048edf742e262d
Instruction ID: f3c494508c110f0aa4678cb9bdc6889c50227f785f95fe1860ccbe35f724eef7
Opcode Fuzzy Hash: 2ab63b786981c61167f7a01604676c4f64b66c77f1919d529a048edf742e262d
Instruction Fuzzy Hash: 67E01AF0D5020ADEDB40DFB988457EF7EF2BB48240F11482AD004E2201E67441468FE0

Function 0792C238 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d07ad140bf45776c2ed435ceee2abc6912c0042bd8e0535f40745062572c1ccd
Instruction ID: e241969d72ab6551436ed4728f733d8805a3d5d7330f5da1ab31ce82f0657d04
Opcode Fuzzy Hash: d07ad140bf45776c2ed435ceee2abc6912c0042bd8e0535f40745062572c1ccd
Instruction Fuzzy Hash: DCE0CDB1204322CBCB31DECA94C465AB3DCA74955EF204429F10982114CFB0D886C6B1

Function 0792B558 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb6a7add450af1fb985d3a488474827bc908cf66e2c833d448f7d62877e93e14
Instruction ID: 52c156689871c8d1013dcad4e7d84da3a4d7e26e0fb6833f479d04b93a01bd99
Opcode Fuzzy Hash: eb6a7add450af1fb985d3a488474827bc908cf66e2c833d448f7d62877e93e14
Instruction Fuzzy Hash: 45E0CD737052509FCF02173864501443BD6E6C913931A43F7D158C7391CA35CD1643D4

Function 079280D8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caea7b35fa141e663d606048faeed36bfbe5601ef9cad1c985d4383336094d86
Instruction ID: f191788805045535f57973e9992360e711b645694684f30b40fd9ba160e1364d
Opcode Fuzzy Hash: caea7b35fa141e663d606048faeed36bfbe5601ef9cad1c985d4383336094d86
Instruction Fuzzy Hash: 49E0CD32320144878224F769F549A9EB3BFEBC86143054639E106C7748DF70BC0A47F6

Function 04DE0C89 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3d27983f3452fc45c4bb8f043effb9637bced65b753abb82b9d29c47155b064
Instruction ID: 18eedeb5b71d9737cda13ea73383697802811f2d528bba5d5ad0f54aef7b53bb
Opcode Fuzzy Hash: f3d27983f3452fc45c4bb8f043effb9637bced65b753abb82b9d29c47155b064
Instruction Fuzzy Hash: 91E09231A0AB948BD717D637D4147E27B916F56319F04009ED9869F6A2E7A16841C3C1

Function 04DE1670 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fd5607a0ffbe6b04a77b40f3a70955785a2d74e419a3eea0e0c53e7b78de113
Instruction ID: 73d31f3ce5077efdbb259d2c6505b896f4171219f2591e0c7f97a8ada8a72ce5
Opcode Fuzzy Hash: 9fd5607a0ffbe6b04a77b40f3a70955785a2d74e419a3eea0e0c53e7b78de113
Instruction Fuzzy Hash: 44E0DF306093C05FC712AB34D4009463FA59F07256B2984EFC084CB222CE368C44C3D1

Function 07F3B5C8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 505bde3f59168c2fe7ef485419dd69413f4ac5f8589deff776627d1664f9c4b8
Instruction ID: 1771dd55b47848fadc2ca466978a7f4ef91e2417d501386d8f3169f918346910
Opcode Fuzzy Hash: 505bde3f59168c2fe7ef485419dd69413f4ac5f8589deff776627d1664f9c4b8
Instruction Fuzzy Hash: 70E0C2B231060247D338A50EE8287EAB29B8BC5321F0C403BD24DC3751CD645C46C680

Function 07F3B578 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1743a6f9525c6a900e1088d7e97da788d9139fde30f0b25730daef3ebefe10bf
Instruction ID: 37913efbaf44ebde9a5ccb22269498e272954348aa8427253814b07d60abbd62
Opcode Fuzzy Hash: 1743a6f9525c6a900e1088d7e97da788d9139fde30f0b25730daef3ebefe10bf
Instruction Fuzzy Hash: 92E012B275465287C339A65ED8187EA739A9BCD321F0C043AD25DC36A5CFB46C868254

Function 07F3B6B8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 340551d8cdbf69e03178432780d5422f6f0e524d69632bfb26d53c576e77504e
Instruction ID: be0fe4381d6c4a26ff30de9f46de179bfbd738df3a5b51ad34d7e9491aef9f6e
Opcode Fuzzy Hash: 340551d8cdbf69e03178432780d5422f6f0e524d69632bfb26d53c576e77504e
Instruction Fuzzy Hash: 8DE01AF0D0020EDFDB40DFBA88457AFBEF5EB08240F114429D104E2201E67441418BE0

Function 07F3A400 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9870651f9993e5e9cfa7368a968e81460899994da79b65ee85e35ca147def9ab
Instruction ID: 8f29b98f40499552ef2c32ccd908e77b3feea3ee65ec444a15e7b404636d7359
Opcode Fuzzy Hash: 9870651f9993e5e9cfa7368a968e81460899994da79b65ee85e35ca147def9ab
Instruction Fuzzy Hash: 4DE0C27270450243D338954EE80CBEAB2AACBC6321F0C803AE04D836A1CE655C46C780

Function 0792AFC7 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a9394e4ac3d3ebdc7a33d806883f7a04f9ee2051e8189c79d96c571ef279411
Instruction ID: bb3d8a22f451672a9dbb08508ca690667464183bb5f82cb89a946273f596cf0f
Opcode Fuzzy Hash: 0a9394e4ac3d3ebdc7a33d806883f7a04f9ee2051e8189c79d96c571ef279411
Instruction Fuzzy Hash: 31E0C2326042109FD704EB689808ADA7BE9DB89230F1484AAE04DCB682EE324C408BD0

Function 079276A0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9080824be488a44a33cd9cbc6422868d4603c42b3a8c1f34b0299182ddc6c828
Instruction ID: b34860260049c62720374dc55a9091ff51414ec860ccbedebabc1f79ca58c021
Opcode Fuzzy Hash: 9080824be488a44a33cd9cbc6422868d4603c42b3a8c1f34b0299182ddc6c828
Instruction Fuzzy Hash: 8AE07E3650020EABCF129FD8E8089AA3B66FF48350B048411BA1956529D732D571BBA5

Function 0792C617 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e6634a6921a0de18d990a3621919648f0647da4f0187fee197f34f30495ab74
Instruction ID: 90d101f3ba0199470b85c1e7b0d0e3d2c2d2b9e9c733a6ec07cf91f50d8c4fa1
Opcode Fuzzy Hash: 2e6634a6921a0de18d990a3621919648f0647da4f0187fee197f34f30495ab74
Instruction Fuzzy Hash: 12D02B36B015325B4330F76C9005459B7DE9BC75AD32240A3E801C7708CA71DC0247E2

Function 07F33D78 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d7425a6800b26e63d5d67ba4f4b317e6fe5994fe0e01e1c4d66ad45d7433ab8
Instruction ID: bd8f716f878580ccad31854fee11e4acb4f8d40673b6c272468923c49d03bb8e
Opcode Fuzzy Hash: 7d7425a6800b26e63d5d67ba4f4b317e6fe5994fe0e01e1c4d66ad45d7433ab8
Instruction Fuzzy Hash: 79D02EB2B10129CF4220EAAC9408411B3EAAF8E7E131901B3E809CB308CA30DC0087C2

Function 07F38D20 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b82f503f05b76e19401b092fee24711d92f95ae8212d8215fa4154c754b6a15f
Instruction ID: 523d67073564224f6e771b7fe7de0a73ea38e549decb61a0434ab243722b065e
Opcode Fuzzy Hash: b82f503f05b76e19401b092fee24711d92f95ae8212d8215fa4154c754b6a15f
Instruction Fuzzy Hash: 0ED0A7B3349510278A25516D24148EFC7CA8BE7690704502FD106DFB45CD514C0383A5

Function 07F38D28 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4166119333b9230149b990bc703c1d5db9a7b6192ae4959e43487d7c6cbdf5f4
Instruction ID: 5786e17207657d895ee5a2869a4ee59ff38850ccedcc59de45ccc7dd91bc5282
Opcode Fuzzy Hash: 4166119333b9230149b990bc703c1d5db9a7b6192ae4959e43487d7c6cbdf5f4
Instruction Fuzzy Hash: C5D0A7F33051502A0249616D34188EFC79F4EE5161304103FD109DFB45CD110C0683F5

Function 07926FC0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ca214d1949d58d2c385915093628c947da1120d341042934b3b163c156e7231
Instruction ID: fa417c954d89f43411331aae798118500dbc8ef9971835410eb0f7e848ae6ca6
Opcode Fuzzy Hash: 8ca214d1949d58d2c385915093628c947da1120d341042934b3b163c156e7231
Instruction Fuzzy Hash: 49D0C232000014EB97015B58E845DAABB7DEA862217000422F781D2904C730B412DAA0

Function 07920F60 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61e3a448be7a492adf8ccae373ccc7264eaedf68a927b2bd9506fab9555bf7e3
Instruction ID: 9edabf5141f83f22808a1f0b40110e882bcc58444da58dd5a8633a7509cbaab4
Opcode Fuzzy Hash: 61e3a448be7a492adf8ccae373ccc7264eaedf68a927b2bd9506fab9555bf7e3
Instruction Fuzzy Hash: E9E08C3024D3E40FE31A667868142AA3FE58B87231F0901ABD4C9CB183DAA4888587D2

Function 0792E449 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd71c7eca0f77cfc2858f079c2465029ee443bbfc9fc7afcf29f94d4a0a98d40
Instruction ID: 1586be22dfafdcca4efd47ae2229a8ccc326e883052f96a7cd4639928a157dc4
Opcode Fuzzy Hash: fd71c7eca0f77cfc2858f079c2465029ee443bbfc9fc7afcf29f94d4a0a98d40
Instruction Fuzzy Hash: ACD05B7020A329EFD7107575BC1557137ADD705265B010666DD05C62D4ED32AC41C6E5

Function 04DE16C0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b055fbc6cd69cf27675e9585a07ebc1f44d637cb05985afe080e9399061c5e7
Instruction ID: ae3ab9944c6c937d447162fa1bb5322346680566e815e96ca8e75ba4ebf675a1
Opcode Fuzzy Hash: 0b055fbc6cd69cf27675e9585a07ebc1f44d637cb05985afe080e9399061c5e7
Instruction Fuzzy Hash: BBD05E313100204F8708A63DE00896E77DEDFCD62572540BAE40DC7321DE619C054791

Function 04DEE92A Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de34838236d0370333a5adfda57d2c3ca3c5ae6c2fc381e3c8da53888587b4c3
Instruction ID: e11f19563b9c41f2f507162b0c2ea5d9e5b00bef92c9c070b937e60924b4f22a
Opcode Fuzzy Hash: de34838236d0370333a5adfda57d2c3ca3c5ae6c2fc381e3c8da53888587b4c3
Instruction Fuzzy Hash: D0F0C935A01118CFDB54DF45E888BACB7B0FB54311F208195E1099B121D734AEC9CF80

Function 07F32468 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c4b8ff8dab6e961c5be9a02d04bd07802222252eebae9819263fbb8f9658513
Instruction ID: c5c39568172708d44fef9c43b93e2d4a0f9070dab72a45477f52639ff536bdaa
Opcode Fuzzy Hash: 0c4b8ff8dab6e961c5be9a02d04bd07802222252eebae9819263fbb8f9658513
Instruction Fuzzy Hash: C4D01276204529EBDF026E94D8118EE7B56AF45250F108005FF5556211C6738962A7E2

Function 0792AFC0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af2683597af75fe72cf387f767c7b7188e7a034b1b04983a471cf50f3aba8033
Instruction ID: 1edf7f32023a9e3f9538c4ec48553d3e86eea901bee0950f40935d75c75f8ce8
Opcode Fuzzy Hash: af2683597af75fe72cf387f767c7b7188e7a034b1b04983a471cf50f3aba8033
Instruction Fuzzy Hash: 04E012727042149FD704EB68D448ADA7BF9EB86225F1484AAE44DDB651EA714C048B91

Function 0792C161 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e27c8d0ab71e631f64c4506417ebaa7f982db8ebc90a9484d980e81c2190cb37
Instruction ID: 9fb1d48ef8d0732eecabbf539340cd00b7db912b36619caee3a44326cb2cb127
Opcode Fuzzy Hash: e27c8d0ab71e631f64c4506417ebaa7f982db8ebc90a9484d980e81c2190cb37
Instruction Fuzzy Hash: 8EE0C2303011008FC310EB34D445EEA37E1AF8A319F2001AEE80ACB726CAB29C01CB40

Function 07921052 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bffa0149cd991edde577e4208888d61792ffad2b07826125ab7db98ab9301e0f
Instruction ID: dea56539c2b6b5fae4900fc0d7c8774a9038dad201f97c1688a23a943fa99866
Opcode Fuzzy Hash: bffa0149cd991edde577e4208888d61792ffad2b07826125ab7db98ab9301e0f
Instruction Fuzzy Hash: B7E0C271A4D3445FC306CB748C115AA3BA4CB06104B2006DFD449C7282EA364E049BA1

Function 0792DC47 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5733c48c62543e382d448a155cdecb1f4df94f8bfd2236cbd839422bc6c593b2
Instruction ID: 7612928ef25c002ce2d54227f50172c930e25fed27e0284d160cf19a259e36eb
Opcode Fuzzy Hash: 5733c48c62543e382d448a155cdecb1f4df94f8bfd2236cbd839422bc6c593b2
Instruction Fuzzy Hash: 53E04FB5506384DEEB01DF76B804B953FAED319218F01428AEA85C3281DA711E58DBA1

Function 07F33D6F Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97a45658607e39179c4ff87438b58946e13f41b5a481b98d92a98b68b941a079
Instruction ID: 03b83727d0f45321ba0981832268ec66e2f77cf743da6d0bbd1d77960e8ab8f4
Opcode Fuzzy Hash: 97a45658607e39179c4ff87438b58946e13f41b5a481b98d92a98b68b941a079
Instruction Fuzzy Hash: CED05B7661515DCF8520D9A8A404455B765AF497E17040177E984D7719D231CC4087C2

Function 0792DF21 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b84fe306422b884ade9092e5388ab6398039b69cd00392b023146cbd958e44e9
Instruction ID: e71cff3ec7b9209eef2de8ab70e0f19cdf5190afe7534cff8a9a1ebf4d9e1ea1
Opcode Fuzzy Hash: b84fe306422b884ade9092e5388ab6398039b69cd00392b023146cbd958e44e9
Instruction Fuzzy Hash: 32E08C36B01108DBCB08DBA4F5495DCB372EBC8309B10C03AE20197200DB32AC1ACB60

Function 07920F70 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78314e77c62ebfdd66ded7fa00267229b9fe38c709f9265895ff7dac2b92fa8d
Instruction ID: c62d5ab33aeb31ea18b7d7f35a458776fc196282d4b1145f8919f099a8f0ecb9
Opcode Fuzzy Hash: 78314e77c62ebfdd66ded7fa00267229b9fe38c709f9265895ff7dac2b92fa8d
Instruction Fuzzy Hash: 35D0A9327002280FDB1866F874082EA7BDECB89636F04047AE54EC2200DAA4988153D0

Function 04DE062D Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0745dc80801f77f43238dbf2ec2bfba3cbfbdcfca6b7ff2f7bbc2ae6f8281e26
Instruction ID: 6b49d5af5fdf3f47dcded7d33c2266cb4e1ac53f47c4efc5a941543eaf8d6e18
Opcode Fuzzy Hash: 0745dc80801f77f43238dbf2ec2bfba3cbfbdcfca6b7ff2f7bbc2ae6f8281e26
Instruction Fuzzy Hash: E5D0A72298E3E00FC717537824144EC6F650D9312531D00DFD04BDB5A3C989098AC783

Function 07F38D30 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e655de197e4e3424c4696490bd7dced4642b1ffe398ffd5c64f1e277c4f51ff8
Instruction ID: e627fd1427bde845a5328e4c958812ae64f8348c19a092706bece3a261cfb3ef
Opcode Fuzzy Hash: e655de197e4e3424c4696490bd7dced4642b1ffe398ffd5c64f1e277c4f51ff8
Instruction Fuzzy Hash: 89C012B3305624230419215E641889FE6CF8AE55A1605403BD205DFB44CD515C0243F9

Function 07F32477 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed131059973cbf55c390b7119bebeb01ec5676cecac1cc9dd824cccb0790bcfa
Instruction ID: c634be78d596f8a89f4e797bdec6310656ca40e0f7f3c9fd85e05edcfd558e88
Opcode Fuzzy Hash: ed131059973cbf55c390b7119bebeb01ec5676cecac1cc9dd824cccb0790bcfa
Instruction Fuzzy Hash: 90D09E7A24022DBB8F066E94D802CEE7B5AAF89650B404015FE0516214CA729D72A7F6

Function 0792DFB9 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a322528cb25c682a5b7a3ca5fc4a9bd02863208e160cb18d6659f0561357f1d
Instruction ID: 5dfecff7aa2d0de6792fd800960cd5dbc47b2491c896a4300282fa501df31938
Opcode Fuzzy Hash: 7a322528cb25c682a5b7a3ca5fc4a9bd02863208e160cb18d6659f0561357f1d
Instruction Fuzzy Hash: F5D05E7030D3805FC70AEAA49C55592BFE49F4611430840DEE848CB197EB16E906D7A4

Function 0792E440 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14882a478b9db620c7d1c8697126fa685db822dc145f5e1d38b670035dfd103d
Instruction ID: 326ea877de76565a2f5eafbf979cddc78ead2193858634d380cc8890d0b7374c
Opcode Fuzzy Hash: 14882a478b9db620c7d1c8697126fa685db822dc145f5e1d38b670035dfd103d
Instruction Fuzzy Hash: 73D05BB030A315DBE7207A71985913137A9D70A355F0409698D45CA694E9729841C791

Function 04DE1520 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50eebe631083dae0c68b4a651f9ffbed59aff6bfb6ca40f584ce5d5fc6aee74f
Instruction ID: 901099b66a03c289059c367b27d1f60e0ca4d743d7aa4e658a2428ea9348b8ca
Opcode Fuzzy Hash: 50eebe631083dae0c68b4a651f9ffbed59aff6bfb6ca40f584ce5d5fc6aee74f
Instruction Fuzzy Hash: ACE0C231B04641CFD769BB29F208BD837B1E752315F03145AD041D7248DFB42C4A8B81

Function 07F32478 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8191b7835eff7f4b84f9c2f2e208307caa1b3d37fb5a77768a0a1c0a80a8e706
Instruction ID: 72d9243c71b080494671852ea0a6120b7209a332f2eccb24f0c7a2c2b493409c
Opcode Fuzzy Hash: 8191b7835eff7f4b84f9c2f2e208307caa1b3d37fb5a77768a0a1c0a80a8e706
Instruction Fuzzy Hash: F3D09E7624022DAB8F066E94D801CEE7B5AAF89650B404015FE0516214CA729D72A7E6

Function 07927950 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 408f17d635e09daef0c2f26eef9a832fad1ae44ace9afde055ccad2dbc04bcbd
Instruction ID: 0e4352803f4fb3cad9ed30e8dfab82d69afba982be734a3400846cc1c642b454
Opcode Fuzzy Hash: 408f17d635e09daef0c2f26eef9a832fad1ae44ace9afde055ccad2dbc04bcbd
Instruction Fuzzy Hash: 72D0C736340218FBEB055F44DC15FDE7B5AEB4CB61F01441AFF0546281CBB169119BD5

Function 0792C170 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bacd84c389137926ef2c42ae44a6ba757dad2d428306daf44598d370b8faf3b
Instruction ID: cd1f1353af1f579dccd2a4cc62f8050abdd0f0961d8906e2bc5f5282c75a90dd
Opcode Fuzzy Hash: 8bacd84c389137926ef2c42ae44a6ba757dad2d428306daf44598d370b8faf3b
Instruction Fuzzy Hash: 9CD017312002048FC300EB78D044A9633E9EF89369F1100AAE8098B725CA72AC00CB81

Function 00A323F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2415250374.0000000000A32000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A32000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a32000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc413b04c1cb811f2270234839dd4d6154977b5eb8f527b30d1bd9873eb332b4
Instruction ID: e5ac47fea42187690e5aa69e72b0a7336b87017d82300eda02051a1655f80b21
Opcode Fuzzy Hash: bc413b04c1cb811f2270234839dd4d6154977b5eb8f527b30d1bd9873eb332b4
Instruction Fuzzy Hash: A7D05E79245A814FD3269B1CC6A5F9537D4AB51718F4A44F9A8008B773C768E981D700

Function 07F3B232 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60a2331f9153a8b81d460b0ebb42f62aa73b68941b43d2d251d366434c031514
Instruction ID: 66a5693128b1a143317acfc6758b12ce2ff24410285fc06d268f9eff122c38dd
Opcode Fuzzy Hash: 60a2331f9153a8b81d460b0ebb42f62aa73b68941b43d2d251d366434c031514
Instruction Fuzzy Hash: ADD022B22492105BC326A278E010CEFA3D98F82210714867EC80B9BB04CE75CC02CB50

Function 07929C51 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36bf25b6b818439192b87804af9d617e412ac4d32a551be92b1f4f95ca6bae5f
Instruction ID: 1be15a6de0d001990c354b7ff4ac6389f0a808c086690c047cde590aec4f40f0
Opcode Fuzzy Hash: 36bf25b6b818439192b87804af9d617e412ac4d32a551be92b1f4f95ca6bae5f
Instruction Fuzzy Hash: 1DD0C93208D3902EE30612A01C16BE73F688706101F0A0097F284C65D2E0555645C2FB

Function 04DE1680 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a624c934516b667930856d25739859fabbf967c10c121a1b1dd1666655a7357a
Instruction ID: abf1d9651c6ade16a2cfd9054c9e512071f8fd1fef5d90d586ba335fd52a93c0
Opcode Fuzzy Hash: a624c934516b667930856d25739859fabbf967c10c121a1b1dd1666655a7357a
Instruction Fuzzy Hash: 5ED0A9317401289BC600FBB8E004E9A33DAAB98265B20807AE408CB318DF30AC0087D0

Function 00A323BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2415250374.0000000000A32000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A32000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a32000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35867e93589bd0691c73e272df62ac534f66de7b2fcc58a16b5f00f2c027402a
Instruction ID: 6d6a8a734655b106e7c1ad0b0b64c6a6cf7e04e64d911c64f5cd8a44bd6a1b5c
Opcode Fuzzy Hash: 35867e93589bd0691c73e272df62ac534f66de7b2fcc58a16b5f00f2c027402a
Instruction Fuzzy Hash: E8D05E353402814BD725DB0CC6D4F9973D4BB40B14F0644F8BC008F762C7A8D9C0CA00

Function 07F3341C Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46be12ad5dad51bf0e7210f52307b3a24972657223fdea4340a638a7e1e8ef11
Instruction ID: 0bab43aa919f20cf791c3e6658086ee478ea9f7a153f5d3a320f70a47a6bc887
Opcode Fuzzy Hash: 46be12ad5dad51bf0e7210f52307b3a24972657223fdea4340a638a7e1e8ef11
Instruction Fuzzy Hash: 3CD0C936B001048F8F14E7B8E5594DCB3B1EF8526971000B5E50AD7A61DB319E18CB61

Function 0792F3A6 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d01c18e3965833b98766d26138cedad3ad76d26203b88e779d6988db96c6ca05
Instruction ID: 0b9fec9d96666f22798b0980c85c52079467f5995d60e817edaced01179aaa2e
Opcode Fuzzy Hash: d01c18e3965833b98766d26138cedad3ad76d26203b88e779d6988db96c6ca05
Instruction Fuzzy Hash: 14D01231B80124EBC700FAADD059B96B799FF88621F054096F10DCB164C66148039B90

Function 0792D640 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9b921e71267233c834b77b31ae4ef6d78978c39f51086f1d6aa2f989efff66b
Instruction ID: 587b8965747ebe7124da3f812cc028fe49164a0956a6d9021f9e8fd7063e9b72
Opcode Fuzzy Hash: f9b921e71267233c834b77b31ae4ef6d78978c39f51086f1d6aa2f989efff66b
Instruction Fuzzy Hash: 77D0A93260AB818FE7160A38B804A567FA0DB8A704F1980EDF1898B186C6B6E8418B40

Function 07F3B240 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9405bbb41d8b4e66444d8eca00a0c35002f9c5ae2511a1404b9742b2482b9505
Instruction ID: b4405ecc0380cdde8bf1393e0be14236964ef4fe7bbc8a562e1dec93dbd7c947
Opcode Fuzzy Hash: 9405bbb41d8b4e66444d8eca00a0c35002f9c5ae2511a1404b9742b2482b9505
Instruction Fuzzy Hash: E2C08C72304324A78319B27CE00099FB3CECF86220750883ED50A9B700CE7AED01C7E8

Function 07921060 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6a56b046f385b6dd13a654941ff148a82aa67efbbb9032214f6caeae6f47c8c
Instruction ID: 292d86d2821860ea6a94e2e99bb6bc50d401bab6bc92b50a7c3051ba6c2b5383
Opcode Fuzzy Hash: d6a56b046f385b6dd13a654941ff148a82aa67efbbb9032214f6caeae6f47c8c
Instruction Fuzzy Hash: A7C08071A0130C5B4754DBB4CD014DF739DC745144B10469F990AD3340FE31AE0046F1

Function 07F3A3D0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2e333e6c6e881a1600e1009d76cb0b8d64f334b65baae5ce02dbe8dc4054c98
Instruction ID: c21f78573279d22adeec0dcce7eca0e7aecc63f9d62c2134b5e6797968d928ce
Opcode Fuzzy Hash: a2e333e6c6e881a1600e1009d76cb0b8d64f334b65baae5ce02dbe8dc4054c98
Instruction Fuzzy Hash: 6EC09B7231813417851461DD641459FB58D47956E5F414437D50587B824DD59C5103EE

Function 0792080B Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f50bd3f694d0cacbb2610f309bdeee393834b0005c364b5724393a56675465c7
Instruction ID: 07fde8ce2bed37271d70c47b0fb218b98326a709cd35feba72a0a9ff1b43a033
Opcode Fuzzy Hash: f50bd3f694d0cacbb2610f309bdeee393834b0005c364b5724393a56675465c7
Instruction Fuzzy Hash: CED067B085416ADBDB14AB84D8597AFBA70FB01318F100415C00166194CBF50586DBD1

Function 0792C83F Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4251e16bd41f30f06eb2434df8dfa52092be6fbc758dc8f729ef63cb7e01ef76
Instruction ID: 6f949e7a0589866b0a0b04b37b566997a19670636b2f6af15baacf84f23bd984
Opcode Fuzzy Hash: 4251e16bd41f30f06eb2434df8dfa52092be6fbc758dc8f729ef63cb7e01ef76
Instruction Fuzzy Hash: F3C02B75B6C3810FDF06F3245C460923FE0DE8B10D76800CEA080CF013E680D80187C5

Function 079207EF Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a08abbdd0de6d770a55d6111bb4675ef36fc0a229d41c1f89c239a23aab531f8
Instruction ID: 9ac6e18fd9158d4b393c1dc3d2ce5ef3841205f758a78dec62a9dac322b6c97d
Opcode Fuzzy Hash: a08abbdd0de6d770a55d6111bb4675ef36fc0a229d41c1f89c239a23aab531f8
Instruction Fuzzy Hash: 9DD09EB084411ECBDB249F84D46A7AFBA70EB00308F100415C00165194CBF50586DBD1

Function 04DE0640 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22a58b28c38a761f57f11750d7e7a71d0d0dd7d37344f89cf90f00c85b8014cb
Instruction ID: 4ace8f95cc2ed34675333ba6743657f82bd4e281a28d5c8fe4cf7a367c6e473f
Opcode Fuzzy Hash: 22a58b28c38a761f57f11750d7e7a71d0d0dd7d37344f89cf90f00c85b8014cb
Instruction Fuzzy Hash: 32B0122234863853092A319D34114EE738D8A86A76281086BF90DD7782CE865D4103DE

Function 07F378A7 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fd9214031c523d6111b6ba5ab810d19d5f131fd252b1fdd732e805ae30d64e4
Instruction ID: 9d0c357ba887f563a9d0e96ca4444285415a136b4f590eafd6d07c4a4cb17ace
Opcode Fuzzy Hash: 0fd9214031c523d6111b6ba5ab810d19d5f131fd252b1fdd732e805ae30d64e4
Instruction Fuzzy Hash: 08C02B302001088FC240FB78E045FE633E8AB44204B10407FE00CC7B24CF30AC0087E1

Function 0792DADE Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77635c8607f9f5546be28ded71884dd50713ad1e7247b45a1a4cb847112d6724
Instruction ID: 8558cf0a2155b3952fcc87fa00967d954c4dd0dd16cf06e67234652b44ace8a2
Opcode Fuzzy Hash: 77635c8607f9f5546be28ded71884dd50713ad1e7247b45a1a4cb847112d6724
Instruction Fuzzy Hash: 17D012B0A4521ADFDB20EF81C5A9BAEBB70AB00309F200815C002A6595C7F41947DF80

Function 079216F9 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 005919403607d5695076f5dac456d848566a6c082685955eb9f2537dbbf94f62
Instruction ID: 65630e5dadabb34aa4f878a7dfe59701d91e509fb34283331f0d67b0d61f5b04
Opcode Fuzzy Hash: 005919403607d5695076f5dac456d848566a6c082685955eb9f2537dbbf94f62
Instruction Fuzzy Hash: 85C08C1604C38046F30136A198007023F588B03B02F600085D8CC88092E2EA84108B83

Function 07F3A3D5 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 604398fe0f366a2324178ac0da23b5aa3e1ec00d3ede09f2fd907156979d31ab
Instruction ID: 83b40cb5ca41dfca53ab417a208e252319d59ccaec46a668e6e1121dd97cdd00
Opcode Fuzzy Hash: 604398fe0f366a2324178ac0da23b5aa3e1ec00d3ede09f2fd907156979d31ab
Instruction Fuzzy Hash: DBB012623140300AC514A1DC60242AE950647D07D5F014827C10646EC28E55885103DA

Function 07F378A8 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e30bbdd0ed53b485c16a4364da485b16509f8c2cfbd3390c2917739a896a0342
Instruction ID: 97f837512045f9c8c77ca2d1c0aadfc1c4600646289203f62ac32ed6c376e0c3
Opcode Fuzzy Hash: e30bbdd0ed53b485c16a4364da485b16509f8c2cfbd3390c2917739a896a0342
Instruction Fuzzy Hash: D5C02B302001088FC240FB78D044F9633E8AB44204B10407ED00CC7324CF30AC008790

Function 04DE0C10 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2425705366.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4de0000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dee6e9d3a29b74cfc64ecb3760393f7bbb7d0779e925abcbef7313923022205
Instruction ID: 1062477c4c047b850d63dc8d5e956075348864f74b296c1d09c3b55912a18e0d
Opcode Fuzzy Hash: 2dee6e9d3a29b74cfc64ecb3760393f7bbb7d0779e925abcbef7313923022205
Instruction Fuzzy Hash: B0C048312042088BC204AA58E848EA273E9AB98715F1140B9A9098BB72CA72BC50CA99

Function 0792D199 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b9fa96286b2bb1191275c748f121b2f7fd53e190afb35c6c1c7908fc56369ab
Instruction ID: 1a8146f294a5dee8e4f3897f07913dcf3d801027d41077593c21bcf05a1f9201
Opcode Fuzzy Hash: 0b9fa96286b2bb1191275c748f121b2f7fd53e190afb35c6c1c7908fc56369ab
Instruction Fuzzy Hash: 79B09237A000098B9F00DA98F8555ECF335EA8422AB1080A6D219A200086321E298F60

Function 07F37878 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2433846524.0000000007F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7f30000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5302aecf009ce8339dfc1a91bf297baf11fc473b8116f6a13d36e8425ae9800
Instruction ID: e04b58a1a741d082d6949cdcbd6a4fa1e4b0b12a1c3ceced386f8e9ca05b883b
Opcode Fuzzy Hash: a5302aecf009ce8339dfc1a91bf297baf11fc473b8116f6a13d36e8425ae9800
Instruction Fuzzy Hash: A6B012F245F380D7E71D9EB058C211637117E838047954CEECC100D523C93ED053C105

Function 0792DF68 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d3ffe329246ed883b62acdac23888fb1b41279edf7eacba8b3f82a3b0d24223
Instruction ID: 4528098f8e8a542bf21f0e12a6fdd3f2da8fc5ecfe9c81dbef7f93be98d0437a
Opcode Fuzzy Hash: 8d3ffe329246ed883b62acdac23888fb1b41279edf7eacba8b3f82a3b0d24223
Instruction Fuzzy Hash: 62A02477F14014C4070050C57C010DDF310D1D0135F00C073C31041004113300375155

Function 07921708 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2432399246.0000000007920000.00000040.00000800.00020000.00000000.sdmp, Offset: 07920000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7920000_OmGui.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af06c2e6d7f9adc18826ee1d6bee2504ca4e706f5a1bbf39b144da5db208e554
Instruction ID: e160d832f0eb6e26bb225ea3ee8f7c5eeb93843ccb217beff27d43823b5dadab
Opcode Fuzzy Hash: af06c2e6d7f9adc18826ee1d6bee2504ca4e706f5a1bbf39b144da5db208e554
Instruction Fuzzy Hash: A4A0223008830CA3C00033C2BC0AF02BB2CC303B22F000000F20C000820AE2200082A2

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may install a root certificate on a compromised system to avoid warnings when connecting to adversary controlled web servers. Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate.Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report AX3-GUI-45.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

Compliance

Spreading

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Open Movement\OM GUI\OmApiNet.dll (copy)

C:\Program Files (x86)\Open Movement\OM GUI\OmGui.exe (copy)

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\64x64 converter.ico (copy)

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\OMPA Convertor.exe (copy)

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\OMPA Convertor.gif (copy)

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\OMPA Convertor.plugin (copy)

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\OMPA convertor.html (copy)

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\bootstrap-responsive.css (copy)

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\bootstrap-responsive.min.css (copy)

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\bootstrap.css (copy)

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\bootstrap.min.css (copy)

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\is-9Q84H.tmp

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\is-DT30I.tmp

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\is-EL75V.tmp

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\is-IUM53.tmp

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\is-TFM5V.tmp

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\css\page.css (copy)

C:\Program Files (x86)\Open Movement\OM GUI\Plugins\Convert_CWA\cwa-convert.exe (copy)

Windows Analysis Report
AX3-GUI-45.exe

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre